-2

I'm getting this error with my code: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition,location,authorname) VALUES ('','','','','','','','')' at line 1". I'm new to this and I was wondering if anyone could help me figure out what's wrong? Code:

```php
<?PHP
include_once('header.php');
include_once('create.php');

$isbn=$_POST['isbn'];
$title=$_POST['title'];
$publisher=$_POST['publisher'];
$genre=$_POST['genre'];
$availability=$_POST['availability'];
$condition=$_POST['condition'];
$location=$_POST['location'];
$authorname=$_POST['authorname'];

$queryuser=mysql_query("SELECT * FROM book 
    WHERE Title='$title' ");

$checktitle=mysql_num_rows($queryuser);

if($checktitle != 0){
    echo "Sorry ".$title." is already added."; 
}
else {
    $insert_book=mysql_query("INSERT INTO book (isbn,title,publisher,genre,availability,condition,location,authorname) VALUES ('$isbn','$title','$publisher','$genre','$availability','$condition','$location','$authorname')");

    if($insert_book) {
        echo "<b>Addition successful.</b><br><b>You Added: </b>".$title."<br><b>By:  
</b>".$authorname ;
    }
    else {
        echo "error in registration".mysql_error(); 
    }
}
```

Thanks in advance for any help.

user2747367
  • I see this type of question all the time, you should read [common database debugging for PHP and MySQL](http://jason.pureconcepts.net/2013/04/common-debugging-php-mysql/). – Jason McCreary Sep 04 '13 at 14:53
  • *PSA:* The `mysql_*` functions are [deprecated in PHP 5.5](http://php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated). It is not recommended for writing new code as it will prevent you from upgrading in the future. Instead, use either [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) and [be a better PHP Developer](http://jason.pureconcepts.net/2012/08/better-php-developer/). – Jason McCreary Sep 04 '13 at 14:54
  • I always find it useful to output the entire SQL string and try using it in MySql Workbench. – Evan Parsons Sep 04 '13 at 14:54
  • `condition` is a reserved word – Black Sheep Sep 04 '13 at 14:55
  • Print your query in PHP if any value contains a single quote or double quote. Use the mysql_real_escape_string() function – MD SHAHIDUL ISLAM Sep 04 '13 at 15:00
  • possible duplicate of [ou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version](http://stackoverflow.com/questions/15520960/ou-have-an-error-in-your-sql-syntax-check-the-manual-that-corresponds-to-your-m) – Kermit Sep 04 '13 at 15:10

3 Answers

1

"condition" is a keyword in SQL.

Try this:

```sql
INSERT INTO book (`isbn`,`title`,`publisher`,`genre`,`availability`,`condition`,`location`,`authorname`) VALUES ('$isbn','$title','$publisher','$genre','$availability','$condition','$location','$authorname')
```

itscaro
0

`condition` is not allowed as a column name. Try renaming that MySQL column to something else.

alex smith
0

This may be caused by ANY of the variables you inserted having a single quote ('). To solve this issue you need to sanitize your variables taken from user input against SQL Injection. You also need to validate the form first. Please read on How to prevent SQL Injection?

Also please do know that all mysql_* functions are now deprecated. Please consider using either PDO or MySQLi.

Ali
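
The two fixes suggested in the answers above, backtick-quoting the reserved word `condition` and replacing `mysql_*` string interpolation with PDO bound parameters, combined in one script. This is an added example, not code from the question or from any answer. The in-memory SQLite DSN, the `addBook` helper, the schema and the sample input are assumptions made so it runs offline; SQLite accepts MySQL-style backticks, and against MySQL only the DSN and credentials change.

```php
<?php
// Added example, not the asker's or any answerer's code.
// Assumption: in-memory SQLite stands in for the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema mirroring the column list in the question.
$pdo->exec('CREATE TABLE book (`isbn` TEXT, `title` TEXT, `publisher` TEXT, `genre` TEXT,
    `availability` TEXT, `condition` TEXT, `location` TEXT, `authorname` TEXT)');

const BOOK_COLUMNS = ['isbn', 'title', 'publisher', 'genre',
                      'availability', 'condition', 'location', 'authorname'];

/**
 * Hypothetical helper: insert a book unless the title already exists.
 * Returns true on insert, false when the title is already present.
 */
function addBook(PDO $pdo, array $input): bool
{
    // Take only the expected fields; missing ones become empty strings.
    $row = [];
    foreach (BOOK_COLUMNS as $col) {
        $row[$col] = (string) ($input[$col] ?? '');
    }

    // Values travel as bound parameters, never as part of the SQL text,
    // so a quote character in the input cannot change the statement.
    $check = $pdo->prepare('SELECT COUNT(*) FROM book WHERE `title` = :title');
    $check->execute([':title' => $row['title']]);
    if ((int) $check->fetchColumn() !== 0) {
        return false;
    }

    // Column names come from the fixed list above and are backtick-quoted,
    // which is what lets MySQL accept the reserved word `condition`.
    $cols  = '`' . implode('`, `', BOOK_COLUMNS) . '`';
    $marks = ':' . implode(', :', BOOK_COLUMNS);
    $insert = $pdo->prepare("INSERT INTO book ($cols) VALUES ($marks)");
    $insert->execute($row);
    return true;
}

// Constructed sample input; the apostrophes would have broken the original query.
$post = ['isbn' => '0000000000', 'title' => "Example's Book",
         'condition' => "reader's copy", 'authorname' => "O'Example"];
var_dump(addBook($pdo, $post));   // first insert
var_dump(addBook($pdo, $post));   // same title again
```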