
I have a problem with a MySQL query. The INSERT stopped working overnight (from one day to the next), and I don't know why.

// Checks whether the posted name / number already exist in `fruitandvegetable`
// and inserts a new row when the number is not a duplicate.
// NOTE(review): connects as root with an empty password; die() prints the
// mysql_error() text into the response, and the result of mysql_select_db()
// is not checked.
mysql_connect('localhost', 'root', '') or die("Impossible de se connecter : ".mysql_error());
mysql_select_db('db');
// Lookup by name. The posted value goes through stripcslashes() (which decodes
// C-style escape sequences) and then mysql_real_escape_string() before it is
// placed inside the quoted SQL literal.
$name = mysql_query("SELECT name FROM fruitandvegetable WHERE name='".mysql_real_escape_string(stripcslashes($_POST['name']))."'") or die('Erreur :'.mysql_error());

// A match only sets a message; nothing in this branch prevents the INSERT below.
if (mysql_num_rows($name) != 0) {
    $doublonName = "The name already exists";
}

// Same lookup for the number, escaped the same way as the name.
$nombre = mysql_query("SELECT nombre FROM fruitandvegetable WHERE nombre='".mysql_real_escape_string(stripcslashes($_POST['nombre']))."'") or die('Erreur :'.mysql_error());

if (mysql_num_rows($nombre) != 0) {
    $doublonNombre = "The number already exists";
} else {
    // NOTE(review): unlike the two SELECTs, this statement concatenates
    // $_POST['name'] and $_POST['nombre'] without escaping, so the request
    // body becomes part of the SQL text (SQL injection; a single quote in the
    // input is also enough to make the statement fail). The return value is
    // stored but never tested, so a failed INSERT goes unreported.
    // $month and $description are set outside this excerpt; 'color' is
    // inserted as a literal string. No column list is given, so the values
    // depend on the table's column order.
    $quer1y = mysql_query("INSERT INTO fruitandvegetable VALUES('', '".$_POST['name']."', 'color', '$month', '$description', '".$_POST['nombre']."')");
}

thanks for your help.

Adi Inbar
  • 2
    Name the columns you want to insert into. And escape your user input – juergen d Nov 04 '14 at 19:14
  • 2
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide.[Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 04 '14 at 19:14
  • Why don't you use `mysql_error()` for the last query too? – mario Nov 04 '14 at 19:15

1 Answer


You have to specify the column names:

// column1, col2, col3, ... stand in for the table's real column names, which the question does not show.
// NOTE(review): $_POST['name'] and $_POST['nombre'] are still concatenated into the SQL text unescaped here;
// they need escaping or, better, bound parameters before this line is used.
$quer1y = mysql_query("INSERT INTO fruitandvegetable(column1,col2,col3,...) VALUES('', '".$_POST['name']."', 'color', '$month', '$description', '".$_POST['nombre']."')"); 

Plus, you should switch to PDO or MySQLi, as mysql_* functions are deprecated, and you must escape every user input or (better) use prepared statements to prevent SQL injection:

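// Duplicate check followed by an INSERT into `fruitandvegetable`, written with
// mysqli prepared statements: request values travel as bound parameters and
// never become part of the SQL text, so no manual escaping is involved.
//
// Reads: $_POST['name'], $_POST['nombre'], plus $month and $description, which
//        are set outside this excerpt.
// Sets:  $name / $nombre (result sets of the two lookups), $doublonName /
//        $doublonNombre (only when a duplicate is found) and $quer1y
//        (true/false outcome of the INSERT, only when the number is new).
//
// NOTE(review): the sample connects as root with an empty password; a
// dedicated account limited to this table is the safer setup.
// NOTE(review): die() with the mysqli error text shows database details to
// the client; outside of debugging, log the error and show a generic message.
$connect = mysqli_connect("localhost", "root", "", "db")
    or die('Erreur :' . mysqli_connect_error());

// Raw request values; a missing field is treated as an empty string.
$postedName = isset($_POST['name']) ? $_POST['name'] : '';
$postedNombre = isset($_POST['nombre']) ? $_POST['nombre'] : '';

// NOTE(review): the lookups compare against stripcslashes() of the input while
// the INSERT stores the raw input, as in the original answer. The two differ
// whenever the input contains a backslash, so the duplicate check and the
// stored value can disagree - confirm which form is intended.
$lookupName = stripcslashes($postedName);
$lookupNombre = stripcslashes($postedNombre);

// Lookup by name. mysqli_error() needs the connection handle; the original
// called it without one.
$nameStmt = mysqli_prepare($connect, "SELECT name FROM fruitandvegetable WHERE name = ?")
    or die('Erreur :' . mysqli_error($connect));
mysqli_stmt_bind_param($nameStmt, 's', $lookupName);
mysqli_stmt_execute($nameStmt)
    or die('Erreur :' . mysqli_stmt_error($nameStmt));
// mysqli_stmt_get_result() needs the mysqlnd driver; it keeps $name a regular
// result set, as it was with mysqli_query().
$name = mysqli_stmt_get_result($nameStmt);

// NOTE(review): a duplicate name only sets a message; as in the original, the
// INSERT is gated on the number alone - confirm that this is intended.
if (mysqli_num_rows($name) != 0) {
    $doublonName = "The name already exists";
}

// Lookup by number, bound as a string because the original compared it as a
// quoted literal.
$nombreStmt = mysqli_prepare($connect, "SELECT nombre FROM fruitandvegetable WHERE nombre = ?")
    or die('Erreur :' . mysqli_error($connect));
mysqli_stmt_bind_param($nombreStmt, 's', $lookupNombre);
mysqli_stmt_execute($nombreStmt)
    or die('Erreur :' . mysqli_stmt_error($nombreStmt));
$nombre = mysqli_stmt_get_result($nombreStmt);

if (mysqli_num_rows($nombre) != 0) {
    $doublonNombre = "The number already exists";
} else {
    // NOTE(review): naming the target columns, as recommended above, needs the
    // table's real column names, which this page does not show, so the
    // positional form is kept. The leading '' is presumably an auto-increment
    // id - confirm; an empty string for an integer column is rejected when
    // MySQL runs in strict SQL mode.
    $insertStmt = mysqli_prepare($connect, "INSERT INTO fruitandvegetable VALUES('', ?, 'color', ?, ?, ?)")
        or die('Erreur :' . mysqli_error($connect));
    mysqli_stmt_bind_param($insertStmt, 'ssss', $postedName, $month, $description, $postedNombre);
    $quer1y = mysqli_stmt_execute($insertStmt);

    // The original never looked at the outcome; record a failure in the server
    // log so a rejected INSERT is no longer silent.
    if ($quer1y === false) {
        error_log('INSERT into fruitandvegetable failed: ' . mysqli_stmt_error($insertStmt));
    }
}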
Stubborn