We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Database

insert in phql

I try to execute this: 

$sql = "INSERT INTO Malware (md5, sha1, AV, time, upload, result)  VALUES 

    ('".$md5."', '".$sha1."', '".$av."', '".$time."', '".$data."', '".$result."'),
    ('".$md5."', '".$sha1."', '".$av1."', '".$time."', '".$data."', '".$result1."'), 
    ('".$md5."', '".$sha1."', '".$av2."', '".$time."', '".$data."', '".$result2."')";

    $query = $this->modelsManager->createQuery($sql);

      $items = $query->execute();

i get this error:

Syntax error, unexpected token COMMA, near to ' ('

Any help, please ?



6.9k
Accepted
answer

Can you post $sql ?

Also you should be using prepared parameters to protected against SQL injection, ie.

$sql = "INSERT INTO Malware (md5, sha1, AV, time, upload, result)  VALUES 
(:md5:, :sha1:, :av:, :time:, :data:, :result:),
(:md5:, :sha1:, :av1:, :time:, :data:, :result1:),
(:md5:, :sha1:, :av2:, :time:, :data:, :result2:);"

$query = $this->modelsManager->createQuery($sql, ['md5' => $md5, 'sha1' => $sha1, 'av' => $av, 'time' => $time, 'data' => $data, 'result' => $result, 'av1' => $av1, 'result1' => $result1, 'av2' => $av2, 'result2' => $result2]);
$items = $query->execute();

You can setup an event against the DB service, or use MySQL general logging to see what the generated query being executed is for further debugging.