Problem with MySQL Insert?

Well, I am having trouble with this MySQL Insert code, but my other ones are working?

This is the one that is not working:

[php]<?php
//connect to MySQL
include(‘mysql_connect.php’);

//Get input

$name =“test”;

$forum =“test”;

$by =“test”;

//Stop code injection
$name = stripslashes($name);

$forum = stripslashes($forum);

$by = stripslashes($by);

$name = mysql_real_escape_string($name);

$forum = mysql_real_escape_string($forum);

$by = mysql_real_escape_string($by);

//Enter data into database

mysql_query(“INSERT INTO thread (name, by, forum) VALUES (’$name’, ‘$by’, ‘$forum’)”);
echo "the db error is: ".mysql_error();

//redirect
//header( ‘Location: http://www.the-rusty-miner.nn.pe/forumdemo/’ ) ;

?>[/php]

I have set the “//Get input” variables all to “test” to make sure it is not an error somewhere else.

As you can see i also added:

[php]echo "the db error is: ".mysql_error();[/php]

And this returned with:

the db error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by, forum) VALUES (test, test, test)' at line 1

[hr]

Now this is the code that does work:

[php]<?php
//connect to MySQL
include(‘mysql_connect.php’);

//Get input

$name = $_POST[‘name’];

$description = $_POST[‘description’];

$cat = $_POST[‘cat’];

//Stop code injection
$name = stripslashes($name);

$description = stripslashes($description);

$cat = stripslashes($cat);

$name = mysql_real_escape_string($name);

$description = mysql_real_escape_string($description);

$cat = mysql_real_escape_string($cat);

//Enter data into database

mysql_query(“INSERT INTO forums (name, description, category) VALUES (’$name’, ‘$description’, ‘$cat’)”);

//redirect
header( ‘Location: http://www.the-rusty-miner.nn.pe/forumdemo/’ ) ;

?>[/php]

I can’t see the problem between the two?

Does anybody know what the problem is?

Thanks

tbh neither of them should work. INSERT mysql queries are meant to end with a semi-colon, BEFORE you close the query string with "; so it should be:

$Query = “INSERT INTO table (field, field2) VALUES (‘string’, ‘string2’);”;

OK, I added semi-colon’s to the end of the Query’s but that one still does not work >:(

I’ve re-wrote this to how I would do it. Try it and copy/paste anything it says.

[php]

<?php //Enable Error Reporting ini_set('display_errors', 'On'); error_reporting(-1); //connect to MySQL include('mysql_connect.php'); //Get input $name ="test"; $forum ="test"; $by ="test"; //Stop code injection $name = stripslashes($name); $forum = stripslashes($forum); $by = stripslashes($by); $name = mysql_real_escape_string($name); $forum = mysql_real_escape_string($forum); $by = mysql_real_escape_string($by); //Enter data into database $Query = "INSERT INTO thread (name, by, forum) VALUES ('{$name}', '{$by}', '{$forum}');"; $Result = mysql_query($Query) or die("Error: ".mysql_error()); //redirect //header( 'Location: http://www.the-rusty-miner.nn.pe/forumdemo/' ) ; Echo "Data Inserted into Database"; ?>

[/php]

OK, I have copied the code you put and it still seems to give me:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by, forum) VALUES ('test', 'test', 'test')' at line 1

what is the table format in the database?
Does the table exist?

Yes, it is all correct, see:

http://tinypic.com/r/jl5a9k/6

Try this as query:

[php]
$Query = “INSERT INTO thread (name, by, forum) VALUES (’{$name}’, ‘{$by}’, ‘{$forum}’);”;
[/php]

AH! finally it works

Thanks RaythXC

No problem glad I could help?

Why did it have to be done differently to the others, what was the problem?

Some queries are really fussy. INSERT and UPDATE need semi-colons at the end, and INSERT also needs table names or field names in the name syntax. that’s the button on the left of your number 1 across the top.