[SOLVED] Problem with simple INSERT scirpt. Can't find what's wrong...

[patheticsam]

Hi. I have an HTML form.....The the form is processed to INSERT the data into mySQL table I get an error. I've double checked my script and can't fin what's the problem.....Maybe anyone here can help....

 

 

Here the INSERT code :

 

<?php
$con = mysql_connect("localhost","user1","password");

$_POST['titre'] = mysql_real_escape_string($_POST[titre]);
$_POST['descrp'] = mysql_real_escape_string($_POST[descrp]);

if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }mysql_select_db("plesk_data", $con);$sql="INSERT INTO annonccom ( `titre`, `date`, `prix`, `type`, `nombre`, `region`, `ville`, `descrp`, `nom`, `email`, `email`, `phone`, `picture`
VALUES
('$_POST[titre]','$_POST[date]','$_POST[prix]','$_POST[type]','$_POST[nombre]','$_POST[region]','$_POST[ville]','$_POST[descrp]','$_POST[nom]','$_POST[email]','$_POST[phone]','$_POST[picture]')";if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

echo "Inserted";
?>

 

And here's the error I get :

 

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('J\'ai fait test ��','1er mai 2009','1200','Maison','5 1/2','Montreal','' at line 2

 

 

 

I know it's probable something stupid but can't find....Thanks!!

[ohdang888]

don't do this:

('$_POST[titre]','$_POST[date]','$_POST[prix]','$_POST[type]','$_POST[nombre]','$_POST[region]','$_POST[ville]','$_POST[descrp]','$_POST[nom]','$_POST[email]','$_POST[phone]','$_POST[picture]')

 

a)its inserce and very easy to hack your databse when you do this

b) you run into syntax errors...

 

instead do this:

 

$date = mysql_real_escape_string($_POST['date']);

and this:

('$titre','$date','$_POST[prix]','$_POST[type]','$_POST[nombre]','$_POST[region]','$_POST[ville]','$_POST[descrp]','$_POST[nom]','$_POST','$_POST[phone]','$_POST[picture]')

 

do that for ALL the variables.

[patheticsam]

Ok I did escaped the code but I still get the same error....

 

Here's the new code :

 

<?php
$con = mysql_connect("localhost","user1","password");

$titre = mysql_real_escape_string($_POST['titre']);
$date = mysql_real_escape_string($_POST['date']);
$prix = mysql_real_escape_string($_POST['prix']);
$type = mysql_real_escape_string($_POST['type']);
$nombre = mysql_real_escape_string($_POST['nombre']);
$region = mysql_real_escape_string($_POST['region']);
$ville = mysql_real_escape_string($_POST['ville']);
$descrp = mysql_real_escape_string($_POST['descrp']);
$nom = mysql_real_escape_string($_POST['nom']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$picture = mysql_real_escape_string($_POST['picture']);

if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }mysql_select_db("plesk_data", $con);$sql="INSERT INTO annonccom ( `titre`, `date`, `prix`, `type`, `nombre`, `region`, `ville`, `descrp`, `nom`, `email`, `phone`, `picture`
VALUES
('$titre','$date','$prix','$type','$nombre','$region','$ville','$descrp','$nom','$email','$phone','$picture')";if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

echo "Votre annonce a été enregistré avec succès";
?>

[Ken2k7]

Close the first parenthesis after `picture`

[patheticsam]

Thats was it..didn't see it... thanks a lot!