0

So I am trying to build a function (modifying another one) and I have the array posting fine to the function. It seems that the formating may be off for the INSERT command with my function. I have been looking for the past two hrs and can't find where I may have gone run.

Here is the function, Error code below!

public static function addCompany($toInsert = array()){
  self::construct();
  if( count($toInsert) == 0 ){
    echo "Nothing posted!";
  }else {
    $keys   = array_keys($toInsert);
    $columns = implode(",", $keys);
    $colVals = implode(",:", $keys);

  $sql = self::$dbh->prepare("INSERT INTO companys {$columns} VALUES(:$colVals)");
  //$sql->bindValue(":id", $company);
  foreach($toInsert as $key => $value){
    $value = htmlspecialchars($value);
    $sql->bindValue(":$key", $value);
  }
  $sql->execute();
  return true;
 }
}

Here is the array coming in.

$vname = $_POST["name"];
$vlogo = $_POST["logo"];
$vinfo = $_POST["info"];
$vsite = $_POST["site"];
$vest = $_POST["est"];
$data = array('name' => $vname, 'logo' => $vlogo, 'info' => $vinfo, 'site' => $vsite, 'est' => $vest);

Here is the error.

2017/01/07 18:30:22 [error] 9682#9682: *3352 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name,logo,info,site,est VALUES('test','test','test','test','test')' at line 1' in /var/www/xxxx/inc/xxxxxxx.php:938

Any help would be fantastic!

Improve this question
4
  • Why are you trying to build the columns/values like this? This is what the 4th question on this.. Commented Jan 7, 2017 at 20:34
  • I would start by echoing the query you think you are building i.e. $sql = "INSERT INTO companys {$columns} VALUES(:$colVals)"; echo $sql; that should show you what a mess you are making of this Commented Jan 7, 2017 at 20:38
  • dev.mysql.com/doc/refman/5.7/en/insert.html Commented Jan 7, 2017 at 20:47
  • Why are you calling htmlspecialchars on your values? This just mangles them for no reason. Commented Jan 7, 2017 at 21:22

1 Answer 1

Reset to default
3

Your INSERT query is wrong, you missed the parentheses encapsulating the column names. See here,

$sql = self::$dbh->prepare("INSERT INTO companys {$columns} VALUES(:$colVals)");
                                                 ^^^^^^^^^^

Your query statement should be like this:

$sql = self::$dbh->prepare("INSERT INTO companys ({$columns}) VALUES(:$colVals)");
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

You were the Eagle Eye on this one. I literally had to squint (my eyes) to see what they had. I guess I should have zoomed in.
@Fred-ii- hahaha, yeah, sometimes I also zoom in to look for probable syntax errors. :-)
It's because I'm running off a rather high res screen/resolution; it was a tad misleading. Good catch ;-)
Thanks for the help, been a long day :) That worked!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.