Web Hosting Talk






PDA

View Full Version : One more MySQL insert error

riscphree
05-22-2007, 04:03 PM
I get this error:

Could not add the item because: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Title, picture, this is the mini desc, http://google.com, test-p. The query was INSERT INTO media (id, title, type, minidesc, url, thumb, datetime, type2) VALUES (0, My Title, picture, this is the mini desc, http://test.com, test-post.jpg, NOW(), 3).

While using this insert query:

$title = $_POST['title'];
$type = $_POST['type'];
$minidesc = $_POST['minidesc'];
$url = $_POST['url'];
$thumb = $_POST['thumb'];
switch($type){
case game:
$type2 = '1';
case video:
$type2 = '2';
case picture:
$type2 = '3';
}
$query = "INSERT INTO media (id, title, type, minidesc, url, thumb, datetime, type2) VALUES (0, $title, $type, $minidesc, $url, $thumb, NOW(), $type2)";
if (@mysql_query ($query)) {
print '<p>The item has been added.</p>';
} else {
print "<p>Could not add the item because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
}

Not sure what is up? Any hints? Everything looks good what it is reporting in the error message, it just seems to not want to go in the database.
ak7861
05-22-2007, 04:57 PM
It should be..

$query = "INSERT INTO media VALUES(0, $title, $type, $minidesc, $url, $thumb, NOW(), $type2)";
riscphree
05-22-2007, 05:05 PM
Well, my table actaully looks like this:
id
title
type
minidesc
numviews
url
refer
thumb
datetime
type2

so I have to specify which fields I'm entering, because I don't want to pass anything into the numviews or refer field, so that wouldn't work for me :(
riscphree
05-22-2007, 05:08 PM
However, this query worked for me

$query = "INSERT INTO media (id, title, type, minidesc, url, thumb, datetime, type2) VALUES (0, '$title', '$type', '$minidesc', '$url', '$thumb', NOW(), '$type2')";
Rman2003
05-22-2007, 08:18 PM
Riscphree, glad to see you got it working. Things to keep in mind. A) Defining the fields you are inserting isn't required, but it's a good practice. You SHOULD do this. B) You should always wrap the values being inserted in either single or double quotes, but you still need to do some basic filtering / checking on the input data.

The first rule of PHP Club... Never NEVER frickin E-V-E-R trust user input. Inputing form data straight to the db is just asking for trouble.

Good luck.