1

I'm getting this error when trying to insert data into the database You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'add (price, catID, subCatID, title, description) VALUES ('1500', '1', '1', 'aaa'' at line 1

Here is my code. Could you please help me to solve this problem.

require "dbConnect.php";
dbConnect();

$category     = mysql_real_escape_string($_POST['catID']);
$sub_category = mysql_real_escape_string($_POST['subCatID']);
$title        = mysql_real_escape_string($_POST['title']);
$description  = mysql_real_escape_string($_POST['description']);
$price        = mysql_real_escape_string($_POST['price']);

I have included the relevant code here

$insert_data = mysql_query("INSERT INTO add (price, catID, subCatID, title, description) VALUES ('$price', '$category', '$sub_category', '$title', '$description')");
            if($insert_data === FALSE)
            {
                die(mysql_error());
            }

1 Answers1

0

ADD is a MySQL reserved keyword which you must quote with backticks if it is used as a table or column name. If you have an opportunity to change the schema, it is advisable not to use a reserved word since you're likely to encounter this again in the future, as will future developers on your code.

$insert_data = mysql_query("INSERT INTO `add` (price, catID, subCatID, title, description) VALUES ('$price', '$category', '$sub_category', '$title', '$description')");
//-------------------------------------^^^^^^^

As you've probably seen already, the mysql_*() extension has been deprecated in PHP 5.5, and will eventually be removed. Rather than continuing to write new code with it, it is advisable to start learning prepared statements in PDO or MySQLi.

Michael Berkowski
  • 267,341
  • 46
  • 444
  • 390