PHP Development
 
  #1  
March 13th, 2013, 12:42 PM
realseoforums
PHP-General - PHP Mysql error - please help

Hello, I keep getting this error:
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, board) VALUES ('hi', 'hi', 'Proxies')' at line 1



This is my PHP code:

Code:
if ( isset( $_POST['submit'] ) ) {
    $title = htmlentities($_POST['title']);
    $desc = htmlentities($_POST['content']);
    $board_id = $_GET["title"];

    mysql_connect("host","user","pass");
    mysql_select_db("db");

    mysql_query("INSERT INTO thread (title, desc, board)
    VALUES ('$title', '$desc', '$board_id')");
    echo mysql_error();
}


Why am I getting that error?

  #2  
March 13th, 2013, 12:44 PM
paulh1983
Is desc not a KEYWORD in MySQL? You should optionally put ` around your field, so `title` etc.

  #3  
March 13th, 2013, 12:49 PM
realseoforums
Quote:
Originally Posted by paulh1983
Is desc not a KEYWORD in MySQL? You should optionally put ` around your field, so `title` etc.


Thank you, it works now.

  #4  
March 13th, 2013, 01:08 PM
Jacques1
Hi,

actually, you shouldn't use keywords at all. This backtick workaround is pretty ugly and error-prone.

And the usual sermon:

The MySQL extension you're using has been obsolete for almost 10 years and will be officially deprecated in the next PHP version. This means every call to mysql_connect(), mysql_query() etc. will generate a warning.

If you have any chance to switch to one of the “new” extensions, do it! They have several new features. Most importantly, they support prepared statements to prevent SQL injections (which your code is vulnerable to).

The old extension was written for MySQL 3. Those days are long gone. It's the 21st century now.

Also check the link in my signature to avoid security holes. htmlentities() does not protect against SQL injections; it makes absolutely no sense in this context.
Comments on this post
Strider64 agrees!
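
The advice in post #4, shown as an added example that is not code from any poster in this thread: the same insert done with a PDO prepared statement, a column name that is not a reserved word, and HTML encoding moved to output time. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the column name "description", the 'board' request field and the functions open_db() and save_thread() are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with in-memory
// SQLite stands in for MySQL; "description", the 'board' field and the
// function names open_db() / save_thread() are hypothetical.
declare(strict_types=1);

function open_db(): PDO
{
    // For MySQL the DSN would look like 'mysql:host=...;dbname=...;charset=utf8mb4'.
    $pdo = new PDO('sqlite::memory:');
    // Make database errors throw instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // "description" instead of the reserved word "desc": no backticks needed.
    $pdo->exec('CREATE TABLE thread (
        id INTEGER PRIMARY KEY, title TEXT NOT NULL,
        description TEXT NOT NULL, board TEXT NOT NULL)');
    return $pdo;
}

function save_thread(PDO $pdo, array $post, array $allowedBoards): int
{
    $title = trim((string)($post['title'] ?? ''));
    $body  = trim((string)($post['content'] ?? ''));
    $board = (string)($post['board'] ?? '');
    // Validate against known boards instead of trusting the request value.
    if ($title === '' || $body === '' || !in_array($board, $allowedBoards, true)) {
        throw new InvalidArgumentException('invalid thread data');
    }
    // Placeholders keep the values out of the SQL text entirely, so quotes in
    // the input cannot change the statement. No htmlentities() at this stage.
    $stmt = $pdo->prepare(
        'INSERT INTO thread (title, description, board) VALUES (:title, :body, :board)');
    $stmt->execute([':title' => $title, ':body' => $body, ':board' => $board]);
    return (int)$pdo->lastInsertId();
}

$pdo = open_db();
// Constructed sample input: the apostrophes would break a string-built query.
$input = ['title' => "Don't panic", 'content' => "It's <b>working</b>", 'board' => 'Proxies'];
$id = save_thread($pdo, $input, ['Proxies', 'General']);

$stmt = $pdo->prepare('SELECT title, description FROM thread WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// The database holds the raw text; HTML-encode only when writing it into a page.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8'), "\n";
```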
