MYSQL syntax error submitting with PHP

Question

I am kind of stuck. I keep getting a syntax error. Can anyone take a look and let me know whats going wrong?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'return (Badge, Dept, Asset) VALUES ('61584', 'IT', 12345)' at line 1

<?php
$dept = $_GET['dept'];
$badge = $_GET['badge'];
if (empty($badge)) {
             echo '<center> You must insert a value into the Badge field </center>';
    }
    else {
foreach($_GET['asset'] as $key => $value) {
            $db=mysql_connect ("localhost",  "USER", "PASSWORD") or die ('I cannot connect  to  the database because: ' . mysql_error());
            $mydb=mysql_select_db("radios") or die ('I cannot select that table' . mysql_error());
#                mysql_query("INSERT INTO return  (Badge, Dept, Asset)  VALUES (test, test, test)") or die ('Can not write to DB because: ' . mysql_error());
            mysql_query("INSERT INTO return (Badge, Dept, Asset)  VALUES ('$badge', '$dept', $value)") or die ('<body style="background-color:red">' . mysql_error());
echo $value;
echo '<br>';
            }
echo '<body style="background-color:green">';

}
?>
<html>
    <head>
            <title>Radio return</title>



    </head>
    <body>
            <form action="index.php" method="get" id="badgeform">
            <center> Badge: <input type="text" name="badge" id="badgefield"/>
            <script>document.getElementById('badgefield').focus()</script>
            <center> Dept: <input type="text" name="dept" id="deptfield"/>
            <center> Asset: <input type="text" name="asset[1]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[2]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[3]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[4]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[5]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[6]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[7]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[8]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[9]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[10]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[11]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[12]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[13]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[14]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[15]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[16]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[17]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[18]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[19]" id="assetfield"/>
            <center> Asset: <input type="text" name="asset[20]" id="assetfield"/>
            <input type="submit"> </center>
            </form>


    </body>


</html>

**Warning:** mysql extension is [deprecated](http://stackoverflow.com/questions/13944956) as of PHP 5.5.0, and will be removed in the future. Instead, the [MySQLi](http://www.php.net/manual/en/book.mysqli.php) or [PDO_MySQL](http://www.php.net/manual/en/ref.pdo-mysql.php) extension should be used. Please don't use `mysql_*` to develop new code. — bansi, Sep 27 '13 at 16:19
RETURN is a reserved word in MySQL; you can either quote it with backticks, or rename it to something that isn't a reserved word — andrewsi, Sep 27 '13 at 16:20
Your code is prone to sql injection. you should better use prepared statements. at-least escape the strings. also move your connection to database to outside the `foreach` loop — bansi, Sep 27 '13 at 16:22

score 4 · Accepted Answer · answered Sep 27 '13 at 16:20

4

RETURN is a reserved keyword.

Use INSERT INTO `return` (B...

answered Sep 27 '13 at 16:20

Sergiu Paraschiv

9,929
5
36
47

Wow I feel stupid lol. Thank you! – root Sep 27 '13 at 17:38

score 2 · Answer 2 · answered Sep 27 '13 at 16:20

2

Your table is named as a MySQL reserved word. meaning you should try something like this.

INSERT INTO `return` ....

MYSQL syntax error submitting with PHP

2 Answers2