
I have 2 tables. The same query works fine with one table but doesn't work with the other one.

Query which works fine:

```php
$qry="insert into table_a (product_id, image_name) VALUES ('$a1', '$name1')";
$result = @mysql_query($qry);
```

Query which is not inserting data into the table:

```php
$qry=("insert into subtable(product_id, title, desc) VALUES ({$a1}, {$a2}, {$a3})");
$result = @mysql_query($qry);
```
Charlie
  • Get rid of the `@` in front of your query and use `mysql_error()` for error reporting. – John Conde Feb 03 '14 at 20:46
  • Using `@` in PHP is the equivalent of "on error resume next" in VBA, and definitely the equivalent of stuffing your fingers into your ears and going "lalalalaalala can't hear you". If you won't listen to what PHP has to tell you, why should we try to help you? – Marc B Feb 03 '14 at 20:50
  • @MarcB: Not quite, PHP will halt on the next error in the script - VBA just keeps on going! – The Blue Dog Feb 03 '14 at 20:55
  • Please, before you write **any** more SQL interfacing code, you must read up on [proper SQL escaping](http://bobby-tables.com/php) to avoid severe [SQL injection bugs](http://bobby-tables.com/) like the ones you have here. Also, `mysql_query` should not be used in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and is a safer way to compose queries. `$_POST` data never goes directly in a query. – tadman Feb 03 '14 at 21:58

1 Answer


`desc` is a reserved word which must be wrapped in backticks.

http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

Use:

```sql
(product_id, title, `desc`)
```

and do as John Conde stated in his comment:

("Get rid of the `@` in front of your query and use `mysql_error()` for error reporting.")

or wrap them all in backticks

```sql
(`product_id`, `title`, `desc`)
```

Rewrite:

```php
$qry=("insert into subtable (`product_id`, `title`, `desc`) VALUES ({$a1}, {$a2}, {$a3})");
$result = mysql_query($qry);
```

And do use `mysqli_*` with prepared statements or PDO. The `mysql_*` functions are deprecated.

Funk Forty Niner
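The PDO prepared-statement approach that the answer and tadman's comment recommend, combined with the backtick-quoted `desc` column and exception-based error reporting in place of `@`. This is an added example, not code from the question or the answer; the function names `openDb` and `insertRow`, the sample values, and the in-memory SQLite database standing in for the MySQL server are assumptions made so the block runs without a server.

```php
<?php
// Added example, not the poster's code. Assumptions: in-memory SQLite stands in
// for MySQL, and all sample values are constructed. For MySQL only the DSN
// changes, e.g. 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' (placeholders).

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on every SQL error instead of silencing it with '@'.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE subtable (product_id INTEGER, title TEXT, `desc` TEXT)');
    return $pdo;
}

function insertRow(PDO $pdo, int $productId, string $title, string $desc): int
{
    // Identifiers are fixed text in the statement; `desc` is backtick-quoted
    // because it is a reserved word. Values travel separately as parameters,
    // so they are never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO subtable (`product_id`, `title`, `desc`) VALUES (:id, :title, :desc)'
    );
    $stmt->execute([':id' => $productId, ':title' => $title, ':desc' => $desc]);
    return $stmt->rowCount();
}

$pdo = openDb();

// Constructed input containing quotes and SQL syntax: stored as plain data.
$hostile = "x'); DROP TABLE subtable; --";
insertRow($pdo, 1, "Widget 5' rail", $hostile);

// Read the row back and compare the stored value with the input.
$row = $pdo->query('SELECT title, `desc` FROM subtable')->fetch(PDO::FETCH_ASSOC);
var_dump($row['desc'] === $hostile);

// A broken statement now reports its cause instead of failing silently.
try {
    $pdo->exec('INSERT INTO subtable (no_such_column) VALUES (1)');
} catch (PDOException $e) {
    echo 'SQL error: ', $e->getMessage(), PHP_EOL;
}
```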