mysql version error when insert into function

Question

I'm parsing a feed and I want to insert it into my database. I echo out the correct feed entries but when I want to insert into database, I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'update, link) VALUES (...) on line 1.

Here's the code:

include_once("connect_to_mysql.php");

$xml= simplexml_load_file('http://somefeed/feeds/rss');
$list = $xml->entry;
$title = $list[0]->title;
$img = $list[0]->summary->div->img['src'];
$update = $list[0]->updated;
$link = $list[0]->link['href'];

$sql = mysql_query("INSERT INTO table (title, img, update, link) 
VALUES ('$title', '$img', '$update', '$link')") or die (mysql_error());

This worked fine throughout my website but now I get this error. I'm using xampp. Also some entries are files with http:// that the problem? I found similar posts but their fixes don't work for me.

Answer 1

the are two reserved keywords: table and update used in your query, it must be escape with backtick.

INSERT INTO `table` (title, img, `update`, link) 
VALUES ('$title', '$img', '$update', '$link')

• MySQL Reserved Keywords

As a sidenote, the query is vulnerable with SQL Injection if the value(s) came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

• How to prevent SQL injection in PHP?