Krill Krill - 9 days ago 6
MySQL Question

Error because of SQL syntax

I am creating a form that uploads images to a server and another file that retrieves the image from the database.

Error:


error in INSERT into 'images_tbl' ('images_path','submission_date') VALUES ('images/04-01-2015-1420392279.png','2015-01-04') == You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''images_tbl' ('images_path','submission_date') VALUES ('images/04-01-2015-14' at line 1


index.php:

<form action="saveimage.php" enctype="multipart/form-data" method="post">

<table style="border-collapse: collapse; font: 12px Tahoma;" border="1" cellspacing="5" cellpadding="5">
<tbody><tr>
<td>
<input name="uploadedimage" type="file">
</td>

</tr>

<tr>
<td>
<input name="Upload Now" type="submit" value="Upload Image">
</td>
</tr>

</tbody></table>

</form>


index2.php:

<?php
include("mysqlconnect.php");

$select_query = "SELECT 'images_path' FROM 'images_tbl' ORDER by 'images_id' DESC";
$sql = mysql_query($select_query) or die(mysql_error());
while($row = mysql_fetch_array($sql,MYSQL_BOTH)){

?>

<table style="border-collapse: collapse; font: 12px Tahoma;" border="1" cellspacing="5" cellpadding="5">
<tbody><tr>
<td>

<img src="<?php echo $row[" images_path"];="" ?="">" alt="" />">

</td>
</tr>
</tbody></table>

<?php
}
?>


mysqlconnect.php:

<?php
/**********MYSQL Settings****************/
$host="localhost";
$databasename="karma";
$user="root";
$pass="";
/**********MYSQL Settings****************/

$conn=mysql_connect($host,$user,$pass);

if($conn)
{
$db_selected = mysql_select_db($databasename, $conn);
if (!$db_selected) {
die ('Can\'t use foo : ' . mysql_error());
}
}
else
{
die('Not connected : ' . mysql_error());
}
?>


saveimage.php:

<?php
include("mysqlconnect.php");

function GetImageExtension($imagetype)
{
if(empty($imagetype)) return false;
switch($imagetype)
{
case 'image/bmp': return '.bmp';
case 'image/gif': return '.gif';
case 'image/jpeg': return '.jpg';
case 'image/png': return '.png';
default: return false;
}
}

if (!empty($_FILES["uploadedimage"]["name"])) {

$file_name=$_FILES["uploadedimage"]["name"];
$temp_name=$_FILES["uploadedimage"]["tmp_name"];
$imgtype=$_FILES["uploadedimage"]["type"];
$ext= GetImageExtension($imgtype);
$imagename=date("d-m-Y")."-".time().$ext;
$target_path = "images/".$imagename;

if(move_uploaded_file($temp_name, $target_path)) {

$query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES

('".$target_path."','".date("Y-m-d")."')";
mysql_query($query_upload) or die("error in $query_upload == ".mysql_error());

}else{

exit("Error While uploading image on the server");
}

}

?>;


SQL:

CREATE TABLE images_tbl(
images_id INT NOT NULL AUTO_INCREMENT,
images_path VARCHAR(200) NOT NULL,
submission_date DATE,
PRIMARY KEY (images_id)
);

Answer

Remove the single quotes from table name and column list.

INSERT into images_tbl (images_path,submission_date) 
         VALUES ('images/04-01-2015-1420392279.png','2015-01-04')

If object names are like keywords then use backticks not single quotes

Comments