DamienRoche Posted January 2, 2009 Share Posted January 2, 2009 I have seriously been troubleshooting this for nearly 2 hours now. I just don't get it. Here is the code: <?php $insert = mysql_query("INSERT INTO texts (id,title,al,cat,key,d,val,content) VALUES('$id','$t','$a','$c','$k','$d','$i','$co')") or die("mysql said:".mysql_error()); ?> and the output of the fields: REV819712Uc fdasf dsadfas fasfsa fsdadfsa hell 4 fdsafdsadfsa ..and finally, the error: <?php mysql said:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key,d,val,content) VALUES('REV819712Uc','fdasf','dsadfas','fasfsa','fsdadfsa','' at line 1 ?> This is unbelievable. I've tried everything I could. I use this query *all the time* but for some reason I can't figure it out. Any help with this is greatly appreciated. Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/ Share on other sites More sharing options...
Mchl Posted January 2, 2009 Share Posted January 2, 2009 http://dev.mysql.com/doc/refman/5.1/en/reserved-words.html Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728095 Share on other sites More sharing options...
DarkWater Posted January 2, 2009 Share Posted January 2, 2009 You can't name a field or table 'key'. Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728097 Share on other sites More sharing options...
DamienRoche Posted January 2, 2009 Author Share Posted January 2, 2009 hahahaha driven to insanity. Wow...a reserved word. If it wasn't so damn subtle I might have sussed it in less than an hour :/ Nonetheless, thank you so much for hitting me upside the head with some knowledge..and resources thanks. Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728100 Share on other sites More sharing options...
hobeau Posted January 2, 2009 Share Posted January 2, 2009 one other thing worth noting is that your not escaping your variables thus leaving yourself wide open for a hacker to do anything he/she wishes with your database VERY easily. Use mysql_real_escape_string() to escape your variables. <?php $insert = mysql_query("INSERT INTO texts (id,title,al,cat,key,d,val,content) VALUES('" . mysql_real_escape_string($id) . "','" . mysql_real_escape_string($t) . "','" . mysql_real_escape_string($a) . "','" . mysql_real_escape_string($c) . "','" . mysql_real_escape_string($k) . "','" . mysql_real_escape_string($d) . "','" mysql_real_escape_string($i) . "','" . mysql_real_escape_string($co) . "')") or die("mysql said:".mysql_error()); ?> Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728101 Share on other sites More sharing options...
DarkWater Posted January 2, 2009 Share Posted January 2, 2009 He just posted a tiny one line snippet. I'm fairly sure he already did that stuff before this line. Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728102 Share on other sites More sharing options...
DamienRoche Posted January 2, 2009 Author Share Posted January 2, 2009 Yeh, thanks for looking out for me but security comes before common sense for me...which kinda...wait....ugh, never mind. Thanks again guys! Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728103 Share on other sites More sharing options...
Mchl Posted January 2, 2009 Share Posted January 2, 2009 We don't even know if those variables are input by user... It's always good to remind about security though. Link to comment https://forums.phpfreaks.com/topic/139206-solved-absolutely-baffledmysql-syntax-error/#findComment-728106 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.