Menu
I'm trying to create some basic insert query in PHP and it keeps trowing me an error but i really don't know why , can any you guys please see if there is anything wrong ?
mysql_query("
INSERT INTO itens (nome, data, cliente, link, desc, img) VALUES ($nome,$data,$cliente,$link,$desc,$img)
") or die(mysql_error());
Update
Pulled from deleted answer of the OP, the code is now:
mysql_query("INSERT INTO itens (nome, data, cliente, link, `desc`, img)
VALUES ($nome,$data,$cliente,$link,$desc,$img)") or die(mysql_error());
And the error is:
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'kl,j)' at line 2
The kl and j are the last two things i insert in the form.
845
asked Apr 12 '26 10:04
DESC is a MySQL Reserved Keyword, You should escaped it with backtick, ex
INSERT INTO itens (nome, data, cliente, link, `desc`, img)
VALUES ($nome,$data,$cliente,$link,$desc,$img)
you're query is vulnerable with SQL Injection, please take time to read the article below on how to prevent from it,
171
First and foremost - Escape, Escape, Escape OR Learn PDO / mysqli and prepared statements.
Second - know what the reserved keywords are that can't be used for column names; those have to be escaped using backticks.
$sql = sprintf("INSERT INTO itens (nome, data, cliente, link, `desc`, img) VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
mysql_real_escape_string($nome),
mysql_real_escape_string($data),
mysql_real_escape_string($cliente),
mysql_real_escape_string($link),
mysql_real_escape_string($desc),
mysql_real_escape_string($img)
);
mysql_query($sql);
Third - I think you made a typo in the table name (itens vs items).
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
