Xyloman Xyloman - 4 months ago 15
MySQL Question

You have an error in your SQL syntax

Hi, I'm running into this error and I just can't seem to see the problem, so any ideas? A fresh set of eyes might help.

Full Error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='ittititi', price='22', img='img.png'' at line 1

<?php
// Include MySQL class
require_once('../inc/mysql.php');
// Include database connection
require_once('../inc/global.inc.php');
// Include functions
require_once('../inc/functions.inc.php');
// Start the session
session_start();
?>
<?php

// try to create a new record from the submission
$genre = mysql_real_escape_string($_REQUEST['genre']);
$title = mysql_real_escape_string($_REQUEST['title']);
$desc = mysql_real_escape_string($_REQUEST['desc']);
$price = mysql_real_escape_string($_REQUEST['price']);
$img = mysql_real_escape_string($_REQUEST['img']);

if (!empty($genre) && !empty($title) && !empty($desc) && !empty($price) && !empty($img)) {

    // here we define the SQL command
    $query = "SELECT * FROM books WHERE title='$title'";

    // submit the query to the database
    $res = mysql_query($query);

    // make sure it worked!
    if (!$res) {
        // print the error; a bare mysql_error() call discards the message
        echo mysql_error();
        exit;
    }

    // find out how many records we got
    $num = mysql_numrows($res);
    if ($num > 0) {
        echo "<h3>That book title is already taken</h3>\n";
        exit;
    }

    // Create the record
    $query = "INSERT INTO books SET genre='$genre', title='$title', desc='$desc', price='$price', img='$img'";
    $res = mysql_query($query) or die(mysql_error());
    if (!$res) {
        echo mysql_error();
        exit;
    } else {
        echo "<h3>Book Created</h3>\n";
        echo $_SESSION['title'] = $title;
    }
}
?>


<form name="newbook" method="post">
<table border=0>
<tr>
<td>Genre:</td>
<td><input type=text name='genre'></td>
</tr>

<tr>
<td>Title:</td>
<td><input type=text name='title'></td>
</tr>

<tr>
<td>Description:</td>
<td><input type=text name='desc'></td>
</tr>

<tr>
<td>Price:</td>
<td><input type=number name='price'></td>
</tr>
<tr>
<td>Image:</td>
<td><input type=text name='img'></td>
</tr>

<tr>
<td colspan=2>
<input type=submit value="Create my account">
</td>
</tr>
</table>
</form>

Answer

You need to escape reserved words in MySQL, like desc, with backticks:

INSERT INTO books 
SET genre = '$genre', title = '$title', `desc` = '$desc'
                                        ^----^-----------------here
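
The same INSERT with the reserved column name backtick-quoted and the values bound as parameters instead of interpolated, as an added example that is not part of the original question or answer. The helper names (`quote_identifier`, `build_insert`, `insert_book`, `BOOK_COLUMNS`) are hypothetical, and `insert_book` assumes the caller supplies an open mysqli connection.

```php
<?php
// Added example, not code from the question or the answer.
// Column names come from the question; the connection is left to the caller.

const BOOK_COLUMNS = ['genre', 'title', 'desc', 'price', 'img'];

// Backtick-quote a MySQL identifier; an embedded backtick is doubled.
function quote_identifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Identifiers cannot be bound as parameters, so they come from a fixed
// allowlist and are quoted; every value becomes a "?" placeholder.
function build_insert(string $table, array $columns, array $row): array
{
    $cols = [];
    $vals = [];
    foreach ($columns as $col) {
        $value = (string) ($row[$col] ?? '');
        if ($value === '') {
            throw new InvalidArgumentException("missing field: $col");
        }
        $cols[] = quote_identifier($col);
        $vals[] = $value;
    }
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $sql = 'INSERT INTO ' . quote_identifier($table)
         . ' (' . implode(', ', $cols) . ') VALUES (' . $marks . ')';
    return [$sql, $vals];
}

// Runs the statement on an open mysqli connection supplied by the caller.
function insert_book(mysqli $db, array $row): void
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
    [$sql, $vals] = build_insert('books', BOOK_COLUMNS, $row);
    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($vals)), ...$vals);
    $stmt->execute();
}

// Constructed sample input: the values from the error message plus a quote.
$row = ['genre' => 'fiction', 'title' => "O'Brien", 'desc' => 'ittititi',
        'price' => '22', 'img' => 'img.png'];
[$sql, $vals] = build_insert('books', BOOK_COLUMNS, $row);
echo $sql, PHP_EOL;
```

Run without a database, the script only prints the generated statement; `insert_book` is defined but not called.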