[SOLVED] Mysql 5 Insert into syntax error.

[sarzilla]

Hello,

 

I am new to phpfreaks.com, also new to php it self.

 

I am trying to do a simple task on a php website.

 

I am trying to allow a user to insert a row of data into mysql, via a form. After researching for hours on google, I still have no luck. I was hoping some experts could help me out.

 

Like i said I am using Mysql5

 

The Error I keep getting is :

 

ou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, date, price, img) VALUES ('jnkj','njkn','jkn','kj','nn'' at line 1Y

 

Disregard the values, those were just inputted by me, over frustration.

 

Here are my scripts

 

Form:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01

Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

 

<head>

<title>Form Input Data</title>

</head>

 

<body>

<table border="1">

  <tr>

    <td align="center">Events</td>

  </tr>

  <tr>

    <td>

      <table>

        <form method="post" action="insert_events.php">

        <tr>

          <td>Name</td>

          <td><input type="text" name="event_" size="20">

          </td>

        </tr>

        <tr>

          <td>Address</td>

          <td><input type="text" name="desc_" size="40">

          </td>

        </tr>

        <tr>

          <td>Address</td>

          <td><input type="text" name="date_" size="40">

          </td>

        </tr>

        <tr>

          <td>Address</td>

          <td><input type="text" name="price_" size="40">

          </td>

        </tr>

        <tr>

          <td>Address</td>

          <td><input type="text" name="img_" size="40">

          </td>

        </tr>

        <tr>

          <td></td>

          <td align="right"><input type="submit"

          name="submit" value="Sent"></td>

        </tr>

        </table>

    </td>

    </tr>

</table>

</body>

</html>

 

insert_events.php

<?php

mysql_connect("*****","*****","*****");//database connection

mysql_select_db("*****");

 

//Assign contents of form to variables

$event = $_POST['event_'];

$desc = $_POST['desc_'];

$date = $_POST['date_'];

$price = $_POST['price_'];

$img = $_POST['img_'];

 

 

mysql_query ( "INSERT INTO Events (event, desc, date, price, img) VALUES ('$event','$desc','$date','$price','$img'");

 

echo mysql_error();

mysql_close();

?>

 

[abazoskib]

$query="INSERT INTO Events(event,desc,date,price,img) VALUES('$event','$desc','$date','$price','$img')";

mysql_query($query);

 

i like putting it like that to make it easier to read. other than that, what data types are you using for each column? for example, if the date column is using a datetime data type, you cant insert random letters into the column. If price is an int,float,etc. you cant put letters in. It wont work.

[sarzilla]

Thank you so much for responding.

 

They are all VarChar

CREATE TABLE IF NOT EXISTS `Events` (

  `event` varchar(200) default NULL,

  `desc` varchar(800) default NULL,

  `date` varchar(200) default NULL,

  `price` varchar(10) default NULL,

  `img` varchar(250) default NULL

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

 

[Zyx]

Take a look at Events(event,desc,date,price,img) part. You should pay attention to column names and any other identifiers and string. SQL does have keywords, but unlike to many languages, keywords are not forbidden from appearing as identifiers. They have to be escaped then. This happens in your case. DESC is a SQL keyword: ORDER BY something DESC and the SQL parser does not know, what to do, seeing it in this context. Your query should look like this:

 

mysql_query("INSERT INTO Events(`event`,`desc`,`date`,`price`,`img`) VALUES('".$event."','".$desc."','".$date."','".$price."','".$img."')");

 

In MySQL, backticks are used to escape such identifiers, like your desc. I prefer to use it in all cases.

[sarzilla]

Thank you!

 

That fixed it.