Home/ Questions/Q 9143875
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T10:07:53+00:00

I’m having a small issue with inserting data from a form into my database,

  • 0

I’m having a small issue with inserting data from a form into my database, the following INSERT statement:

        if (isset($_REQUEST['Submit'])) { 
        // Code to insert note into field;
        $sql = "INSERT INTO fields (notes) VALUES   
        ('".mysql_real_escape_string(stripslashes($_REQUEST['note']))."') 
        WHERE companyId='".$companyid['id']."' AND fileNumber ='".$filename."'";

        if($result = mysql_query($sql)) { 
        echo "<h1>Thank you</h1>Your information has been entered into our database<br><br>";
        } else { 
        echo "ERROR: ".mysql_error(); 
        } 
        } else {

Produces this error message:

        ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE companyId='11' AND fileNumber =''' at line 1

First and foremost the $filename variable obviously isn’t showing up, I can copy the $companyid[id] var into the field and it display the var contents correctly but still throws up the syntax error.

I’m a PHP SQL noob and am teaching myself so please go gentle on me 🙂

Heres the full code minus the form

      <?php 
include "header.php";
$checkFiles = "checkFiles.php";
// Catches form input from previous page and stores it into session variable called filename for future reference;
$_SESSION['filename']=$_POST['filename'];
$filename = $_SESSION['filename'];
//User id stuff from previous page too; 
$userid = $_SESSION['userid'];
$id = mysql_query("SELECT id FROM users WHERE DXNumber='".$userid."'");
// Returns pointer so fetch it as an array and insert it into variable $companyid for later use;
$companyid = mysql_fetch_array($id);

if (isset($_REQUEST['Submit'])) { 
// Code to insert note into field;
$sql = "INSERT INTO fields (notes) VALUES ('".mysql_real_escape_string(stripslashes($_REQUEST['note']))."') 
        WHERE companyId='".$companyid['id']."' AND fileNumber ='".$filename."'";
    if($result = mysql_query($sql)) { 
        echo "<h1>Thank you</h1>Your information has been entered into our database<br><br>";
        } else { 
        echo "ERROR: ".mysql_error(); 
        } 
        } else { 
        ?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    INSERT INTO statements don’t have WHERE clauses.

    It should be INSERT INTO <table> (field1, field2, field3) VALUES (value1, value2, value3)
    and not INSERT INTO <table> (field1) VALUES (value1) WHERE field2 = value2 etc.

    See http://dev.mysql.com/doc/refman/5.5/en/insert.html.

    • 0