[SOLVED] syntax issue

[Ninjakreborn]

<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insert = "INSERT INTO books (author, name, link, description, holdem, razz, omaha, omahahilo, stud, studhilo, draw, other, tournaments, limit, nolimit, potlimit, year, all) VALUES ('" . GetSQLValueString($_POST['author'], "text") . "', '" . GetSQLValueString($_POST['name'], "text") . "', '" . GetSQLValueString($_POST['link'], "text") . "', '" . GetSQLValueString($_POST['description'], "text") . "', '" . GetSQLValueString($_POST['holdem'], "int") . "', '" .    GetSQLValueString($_POST['razz'], "int") . "', '" . GetSQLValueString($_POST['omaha'], "int") . "', '" . GetSQLValueString($_POST['omahahilo'], "int") . "', '" . GetSQLValueString($_POST['stud'], "int") . "', '" . GetSQLValueString($_POST['studhilo'], "int") . "', '" . GetSQLValueString($_POST['draw'], "int") . "', '" . GetSQLValueString($_POST['other'], "int") . "', '" . GetSQLValueString($_POST['tournaments'], "int") . "', '" . GetSQLValueString($_POST['limit'], "int") . "', '" . GetSQLValueString($_POST['nolimit'], "int") . "', '" . GetSQLValueString($_POST['potlimit'], "int") . "', '" . GetSQLValueString($_POST['year'], "text") . "', '" . GetSQLValueString($_POST['all'], "int") . "');";
  if (mysql_query($insert)) {
  	echo "Entered successfully";
  }else {
  	echo "Problem Entering Book";
echo mysql_error();
echo "<br />";
echo $insert;
  } 
}
?>

It's returning

Problem Entering BookYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'limit, nolimit, potlimit, year, all) VALUES ('Joyel Puryear', 'Testing the book ' at line 1

INSERT INTO books (author, name, link, description, holdem, razz, omaha, omahahilo, stud, studhilo, draw, other, tournaments, limit, nolimit, potlimit, year, all) VALUES ('Joyel Puryear', 'Testing the book system', 'http://www.amazon.com', 'This is a test description', '0', '0', '0', '0', '0', '0', '1', '1', '1', '0', '0', '1', '2006', '1');

 

The thing is I went over the sql query multiple time's and it's "looking" perfect.

The query echo's out as shown

INSERT INTO books (author, name, link, description, holdem, razz, omaha, omahahilo, stud, studhilo, draw, other, tournaments, limit, nolimit, potlimit, year, all) VALUES ('Joyel Puryear', 'Testing the book system', 'http://www.amazon.com', 'This is a test description', '0', '0', '0', '0', '0', '0', '1', '1', '1', '0', '0', '1', '2006', '1');

I see no issue's, especially around the area it mentions.

Any advice?

[effigy]

LIMIT is a reserved word. Change the name, or use `limit`.

[Ninjakreborn]

Yes, I have just thought of that.  On top of that, the word all is reserved.

I had to put back ticks for both the words "limit, and all".

Now it works, thanks.