Issue with Inserting a record into a MySql database

Question

Hello all,

I am having an issue with a simple form uploading script.

On this upload script I built to upload data to a MySql database, I can't seem to get the record to insert into the database when I include this one variable.

I figured that perhaps I am overlooking some minor coding issue, and I'm working on a deadline to get this system live...

Here is the code snippit that is giving me issues.

    $title=$_REQUEST['title'];
$author=$_REQUEST['author'];
$hours=$_REQUEST['hours'];
$start_d=$_REQUEST['start_d'];
$start_m=$_REQUEST['start_m'];
$start_y=$_REQUEST['start_y'];
$end_d=$_REQUEST['end_d'];
$end_m=$_REQUEST['end_m'];
$end_y=$_REQUEST['end_y'];
$certificate=$_REQUEST['certificate'];
$required=$_REQUEST['required'];
$assessment=$_REQUEST['assessment'];
$describe=$_REQUEST['description'];
$query=mysql_query("INSERT INTO `records` (title, hours, start_date_d, start_date_m, start_date_y , end_date_d, end_date_m, end_date_y , certificate, requirement, author, approved, assessment, describe)  VALUES ('$title', '$hours', '$start_d', '$start_m', '$start_y', '$end_d', '$end_m', '$end_y', '$certificate', '$required', '$author', '0', '$assessment', '$describe')");

mysql_close();

The variable that is giving me issues is the one denoted as '$describe'.

My previous testing has indicated:

• The form script is collecting data correctly
• The form script is passing the data to the upload script correctly via method='post'
• The database connection information is correct
• All of the field names in the mysql query are typed correctly

Thank you in advance for your help.

Update:

echo mysql_error(); => "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' assessment, describe) VALUES' at line 1

Answer 1

Try this:

$query="INSERT INTO `records` (title, hours, start_date_d, start_date_m, start_date_y , end_date_d, end_date_m, end_date_y , certificate, requirement, author, approved, assessment, describe)  VALUES ('$title', '$hours', '$start_d', '$start_m', '$start_y', '$end_d', '$end_m', '$end_y', '$certificate', '$required', '$author', '0', '$assessment', '$describe')";
var_dump($query);

And post to us :)

Answer 2

this awful code should be totally rewritten.
but to solve this very problem

foreach ($_REQUEST as $key => $value) $_REQUEST[$key] = mysql_real_escape_string($value);

Something like this. Note that i've changed date fields to date format.

$_POST['start_date'] = $_POST['start_y'].'-'.$_POST['start_m'].'-'.$_POST['start_d'];
$_POST['end_date'] = $_POST['end_y'].'-'.$_POST['end_m'].'-'.$_POST['end_d'];
$_POST['approved'] = 0;

$fields = explode(" ","title author hours start_date end_date certificate required assessment describe");

$query = "INSERT INTO `records` SET ".dbSet($fields);
mysql_query($query) or trigger_error(mysql_error().$query);

function dbSet($fields) {
  $q='';
  foreach ($fields as $v) $q.="`$v`='".mysql_real_escape_string($_POST[$v])."', ";
  return trim($q,", ");
}

Answer 3

It turns out that "Describe" is a reserved word in MySql.

I changed the field name, and now my script works...