Error in INSERT

Question

I am working on a script that uploads an image to a server, and the path to a MySQL Database. When I submit this it comes up with this error:

error in INSERT into 'images_tbl' ('images_path') VALUES ('images/05-12-2014-1417785023.png') == ----> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''images_tbl' ('images_path') VALUES ('images/05-12-2014-1417785023.png')' at line 1

Here is the code:

<?php
 include("mysqlconnect.php");

     function GetImageExtension($imagetype)
         {
        if(empty($imagetype)) return false;
        switch($imagetype)
        {
            case 'image/bmp': return '.bmp';
            case 'image/gif': return '.gif';
            case 'image/jpeg': return '.jpg';
            case 'image/png': return '.png';
            default: return false;
        }
      }



 if (!empty($_FILES["uploadedimage"]["name"])) {

     $file_name=$_FILES["uploadedimage"]["name"];
     $temp_name=$_FILES["uploadedimage"]["tmp_name"];
     $imgtype=$_FILES["uploadedimage"]["type"];
     $ext= GetImageExtension($imgtype);
     $imagename=date("d-m-Y")."-".time().$ext;
     $target_path = "images/".$imagename;


 if(move_uploaded_file($temp_name, $target_path)) {

      $query_upload="INSERT into 'images_tbl' ('images_path') VALUES ('".$target_path."')";
     mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error());  

 }else{

    exit("Error While uploading image on the server");
 } 

 }

?>

My editor is not bringing up any syntax errors, but it seems to suggest there is in that error.

Answer 1

It should be -

"INSERT into images_tbl (images_path) VALUES ('".$target_path."')";

OR

"INSERT into `images_tbl` (`images_path`) VALUES ('".$target_path."')";

Remove the 's. It is not needed.

Answer 2

You are specifying table name as simple string. Replace ' with ` or remove it at all.

INSERT into `images_tbl` (`images_path`) VALUES

Answer 3

Identifier quotes are backticks not single quotes:

INSERT into 'images_tbl' ('images_path')
            ^           ^             ^

You could just ditch them instead.

INSERT into images_tbl (images_path)
// or
INSERT into `images_tbl` (`images_path`)

Obligatory Note:

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

_{Ref: https://stackoverflow.com/a/12860140/3859027}

Here's a short example of a mysqli usage:

$db = new mysqli('localhost', 'username', 'password', 'database');
$query_upload = 'INSERT INTO images_tbl (images_path) VALUES (?)';
$insert = $db->prepare($query_upload);
$insert->bind_param('s', $target_path);
$insert->execute();

Answer 4

You are specifying the table name as string.

 $query_upload="INSERT into 'images_tbl' ('images_path') VALUES ('".$target_path."')";

Try the code below

 $query_upload="INSERT into images_tbl ('images_path') VALUES ('".$target_path."')";

Hope this helps you.