Looking for some PHP help. error in your SQL syntax

Discussion in 'BlackHat Lounge' started by Oblivion13, Dec 13, 2011.

  1. Oblivion13

    Oblivion13 Regular Member

    Hey All,

    I am new at PHP and I am trying to make a form post to the database and when I click on Submit, I am getting this error.

    Here is the post.php that I am using.

    Code:
    <?php
    // Pick up the form data and assign it to variables
    $id = $_POST['id'];
    $name = $_POST['name'];
    $model = $_POST['model'];
    $desc = $_POST['desc'];
    $image = $_POST['image'];

    // Connect to the database
    $connect = mysql_connect("localhost", "ADMIN", "PASS") or die("Error, check your server connection.");
    mysql_select_db("DBNAME");

    // Check for empty values
    if ($name == "" or $model == "") {
        echo "All fields must be entered, hit back button and re-enter information";
    } else {
        $query = "INSERT INTO new_equip(id, name, model, desc, image)
        VALUES('$id','$name','$model','$desc','$image')";

        mysql_query($query) or die(mysql_error());

        // Redirect only after a successful insert, before any output is sent
        header("Location: Admin_AddListing.php");
        exit;
    }
    ?>
    I am running PHP Version 5.2.17


    If anyone can help me with this I would sure appreciate it. I have been searching and trying to fix it for over 2 hrs now.
     
    Last edited: Dec 13, 2011
  2. bastienvans

    bastienvans Newbie

    Use backticks in your query.

    $query="INSERT INTO new_equip(`id`, `name`, `model`, `desc`, `image`) VALUES('$id','$name','$model','$desc','$image')";
     
  3. Oblivion13

    Oblivion13 Regular Member

    That did it. And the funny part is I did that, but I used the ' not the `

    I sure appreciate it. Just learning PHP, what a learning curve.
     
  4. bastienvans

    bastienvans Newbie

    You're welcome. :)
     
  5. madoctopus

    madoctopus Supreme Member

    desc (stands for descending) is a reserved word in SQL, used with 'order by' (e.g. order by colname desc).

    You use regular quotes or double quotes for values, and backticks for column names if they're the same as a reserved word.
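
The quoting rule from the replies above, as an added example that is not part of the thread: column names (including the reserved word desc) are wrapped in backticks, and the form values are bound as parameters instead of being placed between single quotes inside the SQL string. Assumptions: PHP 7.1+ with PDO and pdo_sqlite; the helper names quoteIdent and buildInsert are hypothetical, the sample row is constructed, and an in-memory SQLite database (which also accepts backtick-quoted identifiers) stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the original post; helper names and the sample row are constructed.

// Quote an identifier MySQL-style: wrap in backticks, double any embedded backtick.
function quoteIdent(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build a parameterized INSERT. Column names must be on the allowlist;
// values never enter the SQL text, only ? placeholders do.
function buildInsert(string $table, array $row, array $allowed): array
{
    $cols = array_keys($row);
    $unknown = array_diff($cols, $allowed);
    if ($unknown) {
        throw new InvalidArgumentException('Unexpected column: ' . implode(', ', $unknown));
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        quoteIdent($table),
        implode(', ', array_map('quoteIdent', $cols)),
        implode(', ', array_fill(0, count($cols), '?'))
    );
    return [$sql, array_values($row)];
}

$allowed = ['id', 'name', 'model', 'desc', 'image'];
// Constructed sample input standing in for $_POST; note the apostrophes.
$post = ['id' => '7', 'name' => "O'Brien drill", 'model' => 'X-200',
         'desc' => "it's heavy", 'image' => 'drill.png'];

if ($post['name'] === '' || $post['model'] === '') {
    exit("All fields must be entered" . PHP_EOL);
}

[$sql, $params] = buildInsert('new_equip', $post, $allowed);
echo $sql, PHP_EOL;

// Assumption: SQLite in memory replaces the MySQL connection from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `new_equip` (`id` INTEGER, `name` TEXT, `model` TEXT, `desc` TEXT, `image` TEXT)');
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
echo $pdo->query('SELECT `desc` FROM `new_equip`')->fetchColumn(), PHP_EOL;
```

Because the values travel as bound parameters, an apostrophe in a form field is stored as data and cannot end the quoted string in the statement.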