mysql insert fails on certain form fields

Question

I get the following error when I try to insert into a mysql database.

MYSQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Status) VALUES ( '20140715_173221.jpg','rt', 'Vessel', 'hf',' ','New'' at line 1

I can insert fine without fields Condition and Status. here is the form/javascript.

<script type="text/javascript">
  $(document).ready(function(){
       $('#upload select[name="Type"]').change(function(){
           if($('#upload select[name="Type"] option:selected').val() == 'Shroud' || $('#upload select[name="Type"] option:selected').val() == 'Vessel' ){
               $('#Status').show();
           }else{
               $('#Status').hide();
           }
       });
   });

   $(document).ready(function(){
       $('#upload select[name="Type"]').change(function(){
           if($('#upload select[name="Type"] option:selected').val() == 'Collector' ||
                   $('#upload select[name="Type"] option:selected').val() == 'M150' ||
                   $('#upload select[name="Type"] option:selected').val() == 'TC' ){
               $('#Condition').show();
           }else{
               $('#Condition').hide();
           }
       });
   }); 

</script>
<form id="upload" name="upload" enctype="multipart/form-data" action="ImageUpload.php" method="POST"> 

 <label for="Type">Type:</label>
 <select id="Type" name="Type">
 <option value="">Select a Type...</option>
 <option value="Shroud">Shroud</option>
 <option value="Vessel">Vessel</option>
 <option value="Collector">Collector</option>
 <option value="M150">M150</option>
 <option value="TC">TC</option>
 <option value="VanesHOBIF">Vanes/HOB/IF</option>
 </select><br><br>


 Title: <input type="text" name="UserTitle"><br> 

 <div id="Status" style="display:none">Status: 
 <input type="text" name="Status" value="">
 <br>
 </div>

 <div id="Condition" style="display:none">
 <label for="Condition">Condition:</label>
 <select name="Condition">
 <option value=" "></option>
 <option value="New">New</option>
 <option value="Cleaned">Cleaned</option>
 <option value="Drained">Drained</option>
 <option value="NA">NA</option>
 </select><br><br>
 </div> 


 <label for="Desciption">Description:</label><br>
 <textarea type="text" name = "Description" cols="40" rows= "4"></textarea><br> 
 File: <input type="file" name="file" id="file"><br> 
 <input type="submit" name="submit"value="Submit"> 
 </form>

and my PHP Post file

$title=$_POST['Title'];
        $usertitle=$_POST['UserTitle'];
        $type=$_POST['Type'];
        $Description=$_POST['Description'];
        $files=($_FILES['file']['name']);
        $Condition=$_POST['Condition'];
        $Status= $_POST['Status'];



        $sql="INSERT INTO ImageTable (Title,UserTitle,Type,Description,Condition, Status) VALUES ( '$files','$usertitle', '$type', '$Description','$Condition','$Status')";

        if (!mysqli_query($con,$sql))
        {
            die('MYSQL Error: ' . mysqli_error($con));
        }

If I echo out the $Condition and $Status i see the values selected in the form. Not sure what is going wrong with the insert statement. Thanks in advance

Answer 1

Apart from the fact, that you should use mysql_real_escape_string to avoid SQL injections:

Condition is a reserved word in mySQL. That's why you are getting the error. You will have to rename the field or use backticks like this: `Condition`.

Answer 2

Condition is a MySQL reserved word.

http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

If you want to keep on using it as a column name, put tick marks around it:

`Condition`

---

(Title,UserTitle,Type,Description,`Condition`, Status)

Answer 3

use mysql_real_escape_string() in every $_POST and $_GET And condition is a reserved word try to rename this.