MySQL Syntax error in php form

Question

When I run a database query in a form I made I get the following error.

Database query failed 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'release = "2013-05-27 19:33:29",platform = "PC",description = "Physics Puzzle Ga' at line 1 Query: UPDATE games SET title = "Osmos",genre = "Indie",release = "2013-05-27 19:33:29",platform = "PC",description = "Physics Puzzle Game",rating = "7",cost = "9.99" WHERE id=1

My code is posted below, I can't figure out where the error in the syntax is. Any help would be greatly appreciated. Thanks!

    if ($id>0) {
    $query = 'UPDATE games SET ';
    $where = ' WHERE id='.prepareInsert($id);
} else {
    $query = 'INSERT INTO games SET ';
    $where = '';
}


$query .= 'title = "'.prepareInsert($_REQUEST["title"]).'"';
$query .= ',genre = "'.prepareInsert($_REQUEST["genre"]).'"';
$query .= ',release = "'.prepareInsert($_REQUEST["release"]).'"';
$query .= ',platform = "'.prepareInsert($_REQUEST["platform"]).'"';
$query .= ',description = "'.prepareInsert($_REQUEST["description"]).'"';
$query .= ',rating = "'.prepareInsert($_REQUEST["rating"]).'"';
$query .= ',cost = "'.prepareInsert($_REQUEST["cost"]).'"';

$query .= $where;

// do the query
$result = mysql_query($query)
        or      die("<p>Database query failed<br>" . mysql_errno() . ": " . mysql_error()."<br>Query: ".$query);

possible duplicate of [Syntax error due to using a reserved word as a table or column name in MySQL](http://stackoverflow.com/questions/23446377/syntax-error-due-to-using-a-reserved-word-as-a-table-or-column-name-in-mysql) — Ian Ringrose, May 06 '14 at 10:14

score 3 · Answer 1 · answered Jun 02 '13 at 14:35

3

'release' is a reserved word in MySQL. You either need to enclose that field with backticks, or rename the column to something else.

answered Jun 02 '13 at 14:35

Tim Fountain

33,093
5
41
69

score 3 · Accepted Answer · answered Jun 02 '13 at 14:35

Please do escape the column name release since it is a reserved keyword. If you have the privilege to change the structure of the table, please do change it.

Here are the MySQL Reserved Keywords List

You need to escape it using backticks,

$query .= ',`release` = "'.prepareInsert($_REQUEST["release"]).'"';

score 0 · Answer 3 · answered Jun 02 '13 at 14:35

0

You need to escape reserved words in MySQL like release with backticks

$query .= ',`release` = "'.prepareInsert($_REQUEST["release"]).'"';
            ^-------^--------here

answered Jun 02 '13 at 14:35

juergen d

201,996
37
293
362

MySQL Syntax error in php form

3 Answers3