-2

I am trying to store form input into SQL database via PHP. When I submitted the form, I received the following error:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Describe, Living, City, State, Major) VALUES ('First', 'Last', 'Company ' at line 1

Here is my PHP:

    $insert_sql="INSERT INTO Interns (First, Last, Company, Description,Classes, Interview, Projects, Benefits, Describe, Living, City, State, Major) VALUES ('$first_name', '$last_name', '$company', '$description', '$classes', '$interview', '$projects','$benefits', '$describe', '$living', '$city','$state','$major');";
halfer
  • 1
    This question has been asked too many times and could have easily been avoided, had you Google'd your syntax error and interpreted it to fix your "reserved" word issue. – Funk Forty Niner Mar 30 '15 at 18:22
  • **WARNING**: This looks [terrifyingly insecure](http://bobby-tables.com/) and for your sake I hope this is not on the public internet. You need to ensure any and all user parameters are [properly escaped](http://bobby-tables.com/php) or you are at serious risk of an application compromise. Whenever possible use prepared statements and placeholders to ensure you're not exposed to errors of that sort. – tadman Mar 30 '15 at 19:17

2 Answers

3

describe is a reserved word in MySQL and needs to be escaped with backticks.

    INSERT INTO Interns (..., Benefits, `Describe`, Living, ...
juergen d
2

You are using a reserved keyword, Describe.

You need to escape it using backticks in the query, as:

    INSERT INTO Interns 
    (
      First, 
      Last, 
      Company, 
      Description,
      Classes, 
      Interview, 
      Projects, 
      Benefits, 
      `Describe`,
    ..............
Abhik Chakraborty
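
The backtick fix from the answers combined with the prepared statements and placeholders recommended in tadman's comment, as an added example that is not code from the question or from either answer. The helper names (`quote_identifier`, `build_insert`, `insert_intern`), the `TEXT` column types and the in-memory SQLite connection (used so the script runs without a database server) are assumptions; the table and column names come from the question.

```php
<?php
declare(strict_types=1);

// Column names taken from the question's INSERT statement.
const INTERN_COLUMNS = ['First', 'Last', 'Company', 'Description', 'Classes', 'Interview',
    'Projects', 'Benefits', 'Describe', 'Living', 'City', 'State', 'Major'];

// Backtick-quote an identifier so reserved words such as Describe parse as names.
// Identifiers cannot be bound as parameters, so they are checked against a strict pattern.
function quote_identifier(string $name): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("Unexpected identifier: $name");
    }
    return '`' . $name . '`';
}

// Build "INSERT INTO `t` (`a`, `b`) VALUES (:a, :b)" with one named placeholder per column.
function build_insert(string $table, array $columns): string
{
    $names = implode(', ', array_map('quote_identifier', $columns));
    $marks = implode(', ', array_map(fn(string $c): string => ':' . $c, $columns));
    return 'INSERT INTO ' . quote_identifier($table) . " ($names) VALUES ($marks)";
}

// Hypothetical helper: insert one row; $form maps column name => submitted value.
function insert_intern(PDO $pdo, array $form): void
{
    $params = [];
    foreach (INTERN_COLUMNS as $column) {
        $params[':' . $column] = (string) ($form[$column] ?? '');
    }
    $pdo->prepare(build_insert('Interns', INTERN_COLUMNS))->execute($params);
}

// Assumption: in-memory SQLite, which also accepts MySQL-style backticks; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `Interns` (' . implode(', ', array_map(
    fn(string $c): string => quote_identifier($c) . ' TEXT', INTERN_COLUMNS)) . ')');

// Constructed sample input; the apostrophes would break the question's string-built query.
$form = array_fill_keys(INTERN_COLUMNS, 'n/a');
$form['Last'] = "O'Brien";
$form['Describe'] = "It's a 'hands-on' internship";
insert_intern($pdo, $form);

$row = $pdo->query('SELECT `Last`, `Describe` FROM `Interns`')->fetch(PDO::FETCH_ASSOC);
var_dump($row['Last'] === "O'Brien", $row['Describe'] === $form['Describe']);
```

Values travel only as bound parameters, so quote characters in form input are stored literally instead of changing the statement; the identifier check exists because column and table names cannot be bound and must never be taken from user input unchecked.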