Why does Explicitly putting Null on sql statement yields SQLSTATE[42000] error?

Question

Because putting NULLs inside the variables gives headache here in PHP, I resorted to explicitly putting NULL on the prepared statement

The script is a csvupload script originally came from here Import CSV into MySQL

            $linemysql = implode("','",$linearray);
            $linemysql = "'".$linemysql."'";
            $sql="SELECT * FROM `".$tblmei."` WHERE `".$shuHint."` = ".$linearray[0];
            $stmt = $setsu->query($sql);
            $rwCnt=$stmt->rowCount();
            if ($rwCnt==0){
                $fumeiKazu=substr_count($linemysql,"'Unknown'");
                echo "<br>fumeiKazu=".$fumeiKazu;
                if ($fumeiKazu==1)
                {
                    $fumeiPos=mb_strpos($linemysql,"'Unknown'");
                    $l1=mb_substr($linemysql,0, $fumeiPos);
                    echo "<br>l1=".$l1;
                    $sfumeiPos=$fumeiPos+9;
                    echo "<br>sfumeiPos=".$sfumeiPos;
                    $l2=mb_substr($linemysql,$sfumeiPos);
                    echo "<br>l2=".$l2;
                    echo "<br>".$l1.NULL.$l2;
                    $tsuika = $setsu->prepare("INSERT INTO ".$tblmei." VALUES (".$l1.NULL.$l2.")");
                $tsuika->execute();
                $dataHaitaKazu++;
                }
            }

The idea of this php script block is when it finds Unknown, post it as NULL as the row's Risk during query

I made sure the the Risk column in the table structure phpmyadmin accepts null and default is null.

This is what I came up

$tsuika = $setsu->prepare("INSERT INTO ".$tblmei." VALUES (".$l1.NULL.$l2.")");

And it yiedls this error:

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,'testArea','0')' at line 1' in

Can you tell me, why you're preparing a query with values? That's not how you use Prepared Statements. Take a proper look for what Prepared Statements was invented. — Charlotte Dunois, Aug 02 '14 at 09:56
Maybe you should take a look at the built query by outputting it and maybe throw it through phpmyadmin if the query looks good. — Charlotte Dunois, Aug 02 '14 at 09:56
I'll refer you to an answer of me where is an example of prepared statements included. The original question wasn't about it, but I felt free to include one. http://stackoverflow.com/questions/25024438/how-to-connect-to-mysql-using-php/25024618#25024618 — Charlotte Dunois, Aug 02 '14 at 09:59
Sorry for that, I said there that I just came up with that. May I know the proper way? — leipzy, Aug 02 '14 at 09:59
hmm before I created this post, I'm asking a bunch of peoples regarding with NULLs here and they didnt told me that what Im doing with prepared statement is not proper. http://stackoverflow.com/questions/25030447/php-pdo-why-does-inserting-null-yields-to-0/25034116?noredirect=1#comment39045400_25034116 — leipzy, Aug 02 '14 at 10:01

Why does Explicitly putting Null on sql statement yields SQLSTATE[42000] error?

0 Answers0