SQL error syntax on query with variables

Question

I am trying to create an import script that looks as below:

foreach ( $app_files as $file ) {
            if ( $row["old_id_import"] == $file['idx'] ) {

                $ids   = $row["id"];
                $files = $file['file'];
                $date  = date( 'Y-m-d H:i:s' );
                $sql2  = "INSERT INTO palace_files ('id', 'module', 'item_id', 'name', 'status', 'date', 'modified') VALUES (NULL, 5, "'.$ids.'", "'.$files.'",1 ,"'.$date.'" , "'.$date.'")";
                if ($conn->query($sql2) === TRUE) {
                    echo "New record imported successfully";
                } else {
                    echo "Error: " . $sql2 . "<br>" . $conn->error;
                }
            }
        }

But it seems that i have syntax error, dont know where. Maybe i am tired.

I have found similar threads but none worked.

Answer 1

You query has some mistakes/could be improved.

1. status and date are keywords in sql. In order for them to be future proof (in case they become reserved, or new ones are added), or you want to always safely use any column name you want and not worry about if they could cause errors, better just wrap them in backticks ``
2. you should not wrap the columns in ' '
3. you are not wrapping them with ' ' in your values

Your query should read as follows:

$sql2 = "INSERT INTO palace_files (id, module, item_id, name, status, date, modified) 
         VALUES (NULL, 5, '{$ids}', '{$files}',1 ,'{$date}' , '{$date}')";

Answer 2

Your are doing wrong concatination. See somehere you missed . operator & quote ". Inside "" you can use php variable it will interpret its value.

 $sql2  = "INSERT INTO palace_files ('id', 'module', 'item_id', 'name', 'status', 'date', 'modified') VALUES (NULL, 5, "'.$ids.'", "'.$files.'",1 ,"'.$date.'" , "'.$date.'")";

Try this:

foreach ($app_files as $file) {
 if ($row["old_id_import"] == $file['idx']) {

    $ids = $row["id"];
    $files = $file['file'];
    $date = date('Y-m-d H:i:s');
    $sql2 = "INSERT INTO palace_files (id, module, item_id, name, status, date, modified) VALUES (NULL, 5, '$ids', '$files',1 ,'$date' , '$date')";
    if ($conn->query($sql2) === TRUE) {
        echo "New record imported successfully";
    } else {
        echo "Error: " . $sql2 . "<br>" . $conn->error;
    }
 }
}

Answer 3

foreach ($app_files as $file) {
 if ($row["old_id_import"] === $file['idx']) {

    $ids = $row["id"];
    $files = $file['file'];
    $date = date('Y-m-d H:i:s');
    $sql2 = "INSERT INTO palace_files (module, item_id, name, status, date, modified) VALUES (5, '{$ids}', '{$files}',1 ,'{$date}' , '{$date}')";
    if ($conn->query($sql2) === TRUE) {
        echo "New record imported successfully";
    } else {
        echo "Error: " . $sql2 . "<br>" . $conn->error;
    }
 }
}

Instead of inserting ID why not set ID as auto-increment and allow it take care of itself