I'm creating a very simple PHP forum system to integrate with my portal system (I tried to integrate some existing ones, but all I've found have lots of features I don't want, so I decided to create my own). The page below is just a starting point for the board creation page, but when I click on submit, I just get the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='Testing special characters á é ó ç ã ñ'' at line 1

<?php
function renderForm($nome, $desc, $error)
{
    $nome = htmlspecialchars($_POST['nome']);
    $desc = htmlspecialchars($_POST['desc']);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <title>New Record</title>
</head>
<body>
<?php
    if ($error != '')
    {
        echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
    }
?>
<form action="" method="post">
    <div>
        <strong>Nome: *</strong> <input type="text" name="nome" /><br/>
        <strong>Desc: *</strong> <input type="text" name="desc" /><br/>
        <p>* required</p>
        <input type="submit" name="submit" value="Submit">
    </div>
</form>
</body>
</html>
<?php
}

include("../../config.php");

if (isset($_POST['submit']))
{
    $nome = htmlspecialchars($_POST['nome']);
    $desc = htmlspecialchars($_POST['desc']);
    if ($nome == '' || $desc== '')
    {
        $error = 'ERROR: Please fill in all required fields!';
        renderForm($nome, $desc, $error);
    }
    else
    {
        mysql_query("INSERT forum_boards SET nome='$nome', desc='$desc'")
            or die(mysql_error());
    }
}
else
{
    renderForm('','','');
}
?>

What could this be?
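
An added example, not part of the original post or the poster's code: the parser stops at `desc` because DESC is a reserved word in MySQL, so the column name has to be backtick-quoted, and the version below also binds the submitted values as parameters, since htmlspecialchars() encodes for HTML output and is not SQL escaping. Assumptions: PDO with the pdo_sqlite driver is available (an in-memory SQLite database stands in for the MySQL server so the script runs offline), and `createBoard()` is a hypothetical helper name.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server so the
// script runs offline; for MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `desc` is a reserved word in MySQL (ORDER BY ... DESC), so the column
// name is backtick-quoted wherever it appears in SQL.
$pdo->exec('CREATE TABLE forum_boards (
    id INTEGER PRIMARY KEY,
    nome TEXT NOT NULL,
    `desc` TEXT NOT NULL
)');

// Hypothetical helper: validates and stores one board, returns an error
// string or null. Values are bound as parameters, never concatenated.
function createBoard(PDO $pdo, array $post): ?string
{
    $nome = trim((string)($post['nome'] ?? ''));
    $desc = trim((string)($post['desc'] ?? ''));
    if ($nome === '' || $desc === '') {
        return 'ERROR: Please fill in all required fields!';
    }
    $stmt = $pdo->prepare(
        'INSERT INTO forum_boards (nome, `desc`) VALUES (:nome, :desc)'
    );
    $stmt->execute([':nome' => $nome, ':desc' => $desc]);
    return null;
}

// Constructed sample submissions: accented text, text containing single
// quotes (which would break a concatenated query), and an empty field.
$samples = [
    ['nome' => 'Geral', 'desc' => 'Testing special characters á é ó ç ã ñ'],
    ['nome' => 'Ajuda', 'desc' => "Dúvidas sobre o 'portal' & <fórum>"],
    ['nome' => '', 'desc' => 'missing name'],
];
foreach ($samples as $post) {
    $error = createBoard($pdo, $post);
    echo $error ?? 'stored', PHP_EOL;
}

// Encode for HTML only at output time, not before storage.
foreach ($pdo->query('SELECT nome, `desc` FROM forum_boards') as $row) {
    echo htmlspecialchars($row['nome'], ENT_QUOTES, 'UTF-8'), ' | ',
         htmlspecialchars($row['desc'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```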