error in sql syntax...line 1

[MDanz]

i get this error. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's',0,'',0)' at line 1

 

i don't see what i've done wrong.

 

 mysql_connect("localhost", "Master", "pword");
mysql_select_db("db");

$id = $_GET['id'];
$keywords = $_GET['search'];

$totalid = $id-1;
$id = mysql_real_escape_string($id)or die (mysql_error()); ## always do this!!!!
   $result = mysql_query("SELECT * FROM Stacks WHERE origin=$totalid and keywords='$keywords'")or die (mysql_error());
   while ($row = mysql_fetch_array($result))
   {
   $name = $row['reply']; 
$image = $row['image'];
}
   $username1 = $_SESSION['username'];
 $ip = $_SERVER['REMOTE_ADDR'];



      $query = "INSERT INTO suscribed";
      $query .= "(`username`,`ip`,`name`,`topicid`,`image`,`origin`) VALUES ('$username1','$ip','$name',$totalid,'$image',$totalid)";
      $results = mysql_query($query)or die (mysql_error());


if($query){ 


print "<br><font color=white>You have suscribed.  <FORM><INPUT TYPE='button' VALUE='Return' onClick='history.go(-1);return
true;'> </FORM>"; }
else {
print "No image selected/uploaded";
}

[therelelogo]

...might sound silly, but did you remember your <?php ?> tags?

[MDanz]

lol yes.. any idea why it isn't working?  it looks perfect..

[trq]

You need to run all user inputted data through mysql_real_escape_string.

[MDanz]

thanks, got it working.