[RESOLVED] problem with insert query

emeraldcat

I've been staring at this for a while now and don't see what I'm doing wrong. I keep getting an error that says: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '?,?)' at line 2.

Now, I've used this method before and it worked fine. So I'm not sure what is dorking this up.

My table, called admin, has three fields:
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT
adminuser varchar(45) NOT NULL
pswd varchar(45) NOT NULL

I have a form for the data insert which has three fields: pswd, pswd2 and adminuser.

So I have my query inside of a function:

function enter_adminuser(){ 
session_start(); 
global $db; 

if ($_POST['pswd'] == $_POST['pswd2']){ 
$admin=trim(strip_tags($_POST['adminuser'])); 
$pswd=trim(strip_tags($_POST['pswd'])); 
$pass=md5($pswd); 

$db->query("INSERT INTO admin (adminuser, pswd) 
VALUES (?,?)", 
array($admin, $pass)); 

echo "<br>Thank you! Your data has been entered.\n<br>"; 
}else{ 
echo "Your passwords to not match. Please try again."; 
show_form(); 
} //close for if statement 

} //close for function

I don't even know if my password-match-check works because I can't get past the insert issue.

What am I overlooking here? Am I supposed to tell it that there is an auto_increment field in there or something?

Thanks!
eCat

rincewind456

I think you need quotes around your placeholder values It looks like your using PEAR DB if so this page http://pear.php.net/manual/en/package.database.db.db-common.quotesmart.php should help

emeraldcat

This is really stupid, but I think my problem was not including the file DB.php. Ack! :eek:

Thanks for your suggestion!

eCat