0

I have been having trouble with my code, and I keep getting this error. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[table_name]" at line 1

My code for this is as follows:

 <?
//indicate the database you want
$db_name="test";

//connect to database
$connection = @mysql_connect("localhost","root","") or die (mysql_error());
$db = @mysql_select_db($db_name,$connection) or die (mysql_error());
//start the sql statement
$sql = @"CREATE TABLE $_POST[table_name] (";


for ($i =0;$i < count($_POST['field_name']);$i++){
    $sql .=$_POST['field_name'][$i]." ".$_POST['field_type'][$i];
    if ($_POST["field_length"][$i] !="") {
        $sql .= " (".$_POST ["field_length"][$i]."),";
    } else {
        $sql .= ",";
    }
}
//clean up
$sql = substr($sql,0,-1);
$sql .= ")";
//execute
$result = mysql_query($sql,$connection) or die(mysql_error());

//get a good message for success
if ($result) {
    $msg = "<P>".$_POST['table_name']." has been created!</p>";
    }
    ?>

I have a form seperate for table name, and number of fields, a seperate php doc for the other database stuff, it is just giving me trouble on my local host whenever I try to run this document after the other two.

After Echoing edited statements for $sql and $_POST I received the message,

"CREATE TABLE $_POST[table_name]"...$_POST[table_name]"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[table_name]"...hey char (1))' at line 1"

Improve this question
2
  • 1
    Sanitize your inputs. Never relay unchecked user input. Commented Dec 5, 2013 at 9:29
  • can we get an echo $sql please? Commented Dec 5, 2013 at 9:31

2 Answers 2

Reset to default
1

Looks like $_POST[table_name] is not replaced with the value in your query try

$sql = "CREATE TABLE ". $_POST['table_name']." (";
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

No luck, I got the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[table_name]" (hey char (1))' at line 1" Everything else except table name showed up again
"CREATE TABLE $_POST[table_name]" (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[table_name]" (free char (1))' at line 1" Is what I received after I echo'd on line 10, after line 9
very strange did you use the exact code i provided because where are the single quotes in $_POST[table_name]
" CREATE TABLE $_POST[table_name]" (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[table_name]" (hey char (1))' at line 1" Is what I received after recopy and pasting it, since i'm trying multiple answers at a time. No luck availed after double checking, and the echo appears to be the same.
1

You have to put table_name in ', because you want to access the $_POST['table_name'].

That's why your query must begin like this:

"CREATE TABLE ".$_POST['table_name']."..

And you should always escape $_POST[] or $_GET[] values to prevent SQL Injection.

Use the function mysql_real_escape_string($_POST...) for escaping or use prepared statements with PDO.

Also mysql_... is deprecated. Switch to mysqli_..!

Improve this answer

15 Comments

I'm still receiving the error, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[table_name]" (hey char (1))' at line 1"
That can't be, because table_name is not longer in the $sql String. Are you sure you wrote EXACTLY $sql = "CREATE TABLE ".$_POST['table_name']."..."; ?
Yes, I just copy and pasted that exact statement, and i'm still receiving the same error.
Can you just echo me your $sql please? AND your $_POST['table_name'] echo also?
That can't be...except $_POST['table_name'] contains $_POST[table_name]. Are you sure you updated this in the file on your webserver and not only in a local file?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.