-2

Error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','FB_IMG_1437797225730.jpg','testing')' at line 1

    <form name="ins_form" method="post" action="insert_data.php" enctype="multipart/form-data">
        <table border=1 align="center" width="500">
            <tr>
            <td align="center" colspan="5"><h1 style="color: #FF4D4D;">This form is for inserting posts</h1></td>
            </tr>
            <tr>
                <td>Post Title:</td>
                <td> <input type="text" name="title" size="30"></td>
            </tr>
            <tr>
                <td>Post Author: </td>
                <td><input type="text" name="author"></td>
            </tr>
            <tr>
                <td>Post Images: </td>
                <td><input type="file" name="image"></td>
            </tr>
            <tr>
                <td>Post Title: </td>
                <td><textarea type="text" name="content" cols="30" rows="20"></textarea></td>
            </tr>
            <tr>
                <td align="center" colspan="5"><input type="submit" name="submit" value="Publish Now"></td>
            </tr>
    
        </table>
        </form>
    </body>
    </html>
    <?php
    // Connect to the database
    $cnt=mysql_connect("localhost","root","") or die("Database connecting error");
    mysql_select_db("arfa") or die("Database error");

    if(isset($_POST['submit']))
    {
        // Read the submitted form fields and the uploaded file details
        $title=$_POST['title'];
        $today = date("F j, Y, g:i a");
        $author=$_POST['author'];
        $content=$_POST['content'];
        $image_name=$_FILES['image']['name'];
        $image_type=$_FILES['image']['type'];
        $image_size=$_FILES['image']['size'];
        $image_tmp=$_FILES['image']['tmp_name'];
        if($title =='' or $author =='' or $content =='')
        {
            echo "<script>alert('Any field is empty')</script>";
            exit();
        }
        // Check the upload type and size before saving the file
        if($image_type=="image/jpeg" or $image_type=="image/png" or $image_type=="image/gif")
        {
            if($image_size<=100000)
            {
                move_uploaded_file($image_tmp,"images/$image_name");
            }
            else {
                echo "<script>alert('Image size is larger then 100 kb')</script>";
            }

        }
        else {
            echo "<script>alert('Image type is invalid')</script>";
        }

        // Build and run the INSERT
        $sql="insert into posts (post_title,post_date,post_author,post_image,post_content) values ('$title','$today',$author','$image_name','$content')";
        if(mysql_query($sql))
        {
            echo "<center><h1>Post is published</h1></center>";
        }
        else {
            echo "<center><h1>Error:" . mysql_error() . "</h1></center>";
        }
    }
Dharman
Rehan
  • What isn't clear about that message? You have an error in your SQL. If you would just echo out your query and read the part that is mentioned in your error, it would be pretty obvious that you are missing a quote before the author variable. – Jonathan Kuhn Aug 19 '15 at 17:42
  • Does this answer your question? [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) – Dharman Sep 20 '20 at 20:35

1 Answer

0

You are missing an opening quote for `$author'` in `'$today',$author','$image_name',`

    $sql="insert into posts (post_title,post_date,post_author,post_image,post_content) values ('$title','$today',$author','$image_name','$content')";

Should be

    $sql="insert into posts (post_title,post_date,post_author,post_image,post_content) values ('$title','$today','$author','$image_name','$content')";
Funk Forty Niner
Shehary
  • OP might even have to escape their data, should there be any characters that MySQL may complain about, apostrophes for instance `John's coffee shop`. They should do this either way, their code is open to SQL injection. – Funk Forty Niner Aug 19 '15 at 17:49
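
The point raised in the last comment, as an added example (not code from the question or the answer): the string-built INSERT still breaks on an apostrophe such as `John's coffee shop` even with the quote fixed, while a prepared statement binds the same values as data. It uses PDO because the `mysql_*` functions were removed in PHP 7; the in-memory SQLite DSN, the sample values and the function names `insert_concatenated` and `insert_prepared` are assumptions made so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database "arfa"
// (assumption); for MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (post_title TEXT, post_date TEXT,
    post_author TEXT, post_image TEXT, post_content TEXT)');

// Constructed sample input standing in for the $_POST / $_FILES values.
$post = [
    'title'   => 'Opening day',
    'author'  => "John's coffee shop",   // apostrophe from the comment above
    'image'   => 'FB_IMG_1437797225730.jpg',
    'content' => "It's a test",
];

// String-built query as in the question, with the missing quote restored:
// an apostrophe in the data still ends the SQL string literal early.
function insert_concatenated(PDO $pdo, array $p, string $today): bool
{
    $sql = "insert into posts (post_title,post_date,post_author,post_image,post_content) "
         . "values ('{$p['title']}','$today','{$p['author']}','{$p['image']}','{$p['content']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "Concatenated query failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Prepared statement: the SQL text is fixed and the values are bound
// separately, so quotes in the data cannot alter the statement.
function insert_prepared(PDO $pdo, array $p, string $today): bool
{
    $stmt = $pdo->prepare('INSERT INTO posts
        (post_title, post_date, post_author, post_image, post_content)
        VALUES (:title, :date, :author, :image, :content)');
    return $stmt->execute([
        ':title' => $p['title'], ':date' => $today, ':author' => $p['author'],
        ':image' => $p['image'], ':content' => $p['content'],
    ]);
}

$today = date('F j, Y, g:i a');
var_dump(insert_concatenated($pdo, $post, $today));
var_dump(insert_prepared($pdo, $post, $today));
echo $pdo->query('SELECT post_author FROM posts')->fetchColumn(), "\n";
```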