0

I have this query

 mysql_query("INSERT into reviews VALUES(0,$pid,$id,'new')") or die(mysql_error()); 

It seems to give an error

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''new')' at line 1"

Though it seems perfectly fine, the database table structure is:

 `id` int(11) NOT NULL AUTO_INCREMENT,
  `proposalid` int(11) NOT NULL,
  `reviewerid` int(11) NOT NULL,
  `status` enum('approved','declined','noresponse','new') NOT NULL DEFAULT 'new',
  PRIMARY KEY (`id`);

There seems to be nothing wrong, but why the error?

4

3 Answers

0

Have you tried either using DEFAULT for the auto-increment instead of 0, or explicitly declaring the columns INSERT into reviews (proposalid, reviewerid, status) VALUES($pid, $id, 'new')?

Answered 2013-05-22T03:09:01.677
0

The value of $id could be causing an erroneous quote to throw the error.

For example,

$pid = "6";
$id = "5'";

Would cause:

INSERT into reviews VALUES(0,6,5','new')

You should also use a column list when making an INSERT statement. Since new is the default for the status column, you can exclude it altogether (as well as excluding the auto increment primary key):

INSERT into reviews (proposalid, reviewerid) VALUES($pid, $id)

If $id and $pid are user inputs, then you need to use prepared statements. Also, the API you're using (mysql_) is deprecated. PDO or mysqli_ are the replacements and both allow prepared statements to sanitize inputs.

Answered 2013-05-22T03:11:01.520
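
Added example (not part of the answer above): the prepared-statement approach it recommends, applied to the question's `reviews` table with PDO. SQLite in memory stands in for the MySQL server so the script runs offline, with a CHECK constraint approximating the ENUM; `addReview` is a hypothetical helper and the input values are constructed.

```php
<?php
// SQLite in memory is an assumption made so this runs without a server;
// against MySQL only the DSN and the CREATE TABLE statement differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE reviews (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    proposalid INTEGER NOT NULL,
    reviewerid INTEGER NOT NULL,
    status TEXT NOT NULL DEFAULT 'new'
        CHECK (status IN ('approved','declined','noresponse','new'))
)");

// Hypothetical helper: validates both ids, then inserts through a prepared
// statement. Returns the new row id, or null if an id is not a plain integer.
function addReview(PDO $db, $pid, $id): ?int
{
    $pid = filter_var($pid, FILTER_VALIDATE_INT);
    $id  = filter_var($id, FILTER_VALIDATE_INT);
    if ($pid === false || $id === false) {
        return null; // a value such as "5'" stops here, before any SQL runs
    }
    // id and status are left out: the auto-increment key and the
    // DEFAULT 'new' on the status column fill them in.
    $stmt = $db->prepare(
        'INSERT INTO reviews (proposalid, reviewerid) VALUES (:pid, :id)'
    );
    $stmt->bindValue(':pid', $pid, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Constructed inputs: the second call carries the stray quote from the answer.
var_dump(addReview($db, "6", "5"));
var_dump(addReview($db, "6", "5'"));

// For comparison, the concatenated statement from the answer fails to parse.
try {
    $db->exec("INSERT INTO reviews VALUES(0,6,5','new')");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// Only the validated row is stored, with status filled in by the default.
print_r($db->query('SELECT * FROM reviews')->fetchAll(PDO::FETCH_ASSOC));
```

Because the values are bound as parameters, they never become part of the SQL text, so a stray quote cannot change the statement's syntax.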
0

Since your default value of ENUM status is set to 'new', can you try your INSERT like this:

mysql_query("INSERT into reviews (`proposalid`, `reviewerid`) VALUES($pid, $id);") or die(mysql_error());

Maybe the error will be more telling after this.

Answered 2013-05-22T03:11:53.067