MR10
Reputation: 3
PHP + MySQL "INSERT INTO" error
I have this sql string:
$sql = "INSERT INTO foto (id, nome, check)
VALUES ('', '" . md5($file) . '.' .$Type. "', '" . md5($file2) . '.' .$Type2. "')";
but it returns this error:
INSERT INTO foto (nome, check) VALUES ('57f030f902b9fbd6907d1af52ec2a1ba.jpg', '8c96b1254a72dbd080a9b79a9a224865.jpg')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check) VALUES ('57f030f902b9fbd6907d1af52ec2a1ba.jpg', '8c96b1254a72dbd080a9' at line 1
'
md5($file) + $Type = 57f030f902b9fbd6907d1af52ec2a1ba.jpg
md5($file2) + $Type2 = 8c96b1254a72dbd080a9b79a9a224865.jpg
What's the problem? How can I solve it?
Upvotes: 0
Views: 89
Answers (1)
Funk Forty Niner
Reputation: 74232
check is a MySQL reserved word
which requires it to be wrapped in backticks, or rename it to checks for example in your table.
$sql = "INSERT INTO foto (id, nome, `check`)
if you want to rename it, then just do
$sql = "INSERT INTO foto (id, nome, checks)
which won't throw an error; the option is yours.
Notice where the error starts and points to:
>...MySQL server version for the right syntax to use near 'check
^ starts there
Plus, once you've fixed that, your code would still be open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
Upvotes: 3