I feel so stupid, but I can’t find the error…
Thanks.
$l_sSql = 'INSERT INTO ftb2010_winners ("first_name", "last_name", "email", "dob", "token", claimed_status) VALUES (\''.$l_aData['firstName'].'\',\''.$l_aData["lastName"].'\',\''.$l_aData["email"].'\',\''.$l_aData["year"].'-'.$l_aData["month"].'-'.$l_aData["day"].'\', "token", 0;';
Here is the error when I run it
#1064 – You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server
version for the right syntax to use
near ‘”first_name”, “last_name”,
“email”, “dob”, “token”,
claimed_status) VALUES (‘Phi’ at line
1
Edit… Ok, thanks… got it, yes I knew it was something stuipid that I was missing
First error: field names should be enclosed in backticks, not quotes. (and even then, the backticks are only necessary if the field name is a reserved SQL word or contains special characters. Generally it’s a good idea to have backticks, but in your example you can get away without them)
Second error: missing closing bracked on end of query.
Possible error: Make sure all the variables you’re using are properly escaped. Failure to do so will result in your code being vulnerable to SQL injection attacks. (I can’t tell if this is actually a problem for you without seeing more of your code)
Style issue: you’re mixing your quotes between single and double quotes without any good reason. ie some of your values are in single quotes, others are in double quotes. Be consistent. Also, all those escaped single quotes make the whole thing very hard to read!