dennis February 2016

PHP Check Session if one has privilege

I'm working on a MySQL Query to create a product in the database but I'm getting an error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, fprice, inkoop, image, author, html) VALUES('1', 'bronze 5 - bronze 4', '1' at line 1

I have Googled it but can't find any problem in my code:

<?php

if(isset($_POST['submit'])) {
    $shopid1 = $_POST['productid'];
    $prodname1 = $_POST['productname'];
    $desc1 = $_POST['desc'];
    $fprice1 = $_POST['fprice'];
    $price1 = $_POST['price'];
    $inkoop1 = $_POST['inkoop'];
    $image1 = $_POST['image'];
    $qty1 = $_POST['qty'];
    $html1 = $_POST['html'];
    $author1 = $_SESSION['name'];



        mysql_query("INSERT INTO products(shopid, name, qty, price, desc, fprice, inkoop, image, author, html) VALUES('$shopid1', '$prodname1', '$qty1', '$price1', '$desc1', '$fprice1', '$inkoop1', '$image1', '$author1', '$html1')", $conn)
            or die(mysql_error());  
        Header("Location: products.php");

} else {

}


?>

Hope someone can diagnose my problem! Thanks!

Answers


Sougata February 2016

desc is reserved keyword. Try with -

INSERT INTO products(shopid, name, qty, price, `desc`,.....

Or rename it accordingly.


AnkiiG February 2016

desc is a keyword and it can be either used using backticks or rename it in the database (if possible). Try as below :

INSERT INTO products
(shopid, name, qty, price, `desc`, fprice, inkoop, image, author, html)
VALUES
('$shopid1', '$prodname1', '$qty1', '$price1', '$desc1', '$fprice1', '$inkoop1', '$image1', '$author1', '$html1')


Little Phild February 2016

Try to escape the keyword (desc) in your query

    <?php

if(isset($_POST['submit'])) {
    $shopid1 = $_POST['productid'];
    $prodname1 = $_POST['productname'];
    $desc1 = $_POST['desc'];
    $fprice1 = $_POST['fprice'];
    $price1 = $_POST['price'];
    $inkoop1 = $_POST['inkoop'];
    $image1 = $_POST['image'];
    $qty1 = $_POST['qty'];
    $html1 = $_POST['html'];
    $author1 = $_SESSION['name'];



        mysql_query("INSERT INTO products(shopid, name, qty, price, `desc`, fprice, inkoop, image, author, html) VALUES('$shopid1', '$prodname1', '$qty1', '$price1', '$desc1', '$fprice1', '$inkoop1', '$image1', '$author1', '$html1')", $conn)
            or die(mysql_error());  
        Header("Location: products.php");

} else {

}


?>

You can also checkout the reserved key words so that you don't make another mistake next time MYSQL Reserved Keyword

Post Status

Asked in February 2016
Viewed 3,706 times
Voted 4
Answered 3 times

Search




Leave an answer