0

I have sent queries to mysql databases a lot so it threw me for a loop when this stopped working. I'm just trying to insert text and int and decimal information. Is the syntax wrong somewhere? It throws this error message, but I dont know what it means!

Errormessage: 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'long) VALUES (jpeg.jpg,1410700,image/jpeg,1372713379,42.978852222222,-86.0356041' at line 1

name, type, datetime table columns are varchar

size is int

lat and long are decimals(14,12) and (15,12)

I have tried many different variations of the query to try and send it to my localhost wampserver. If you see something I missed please let me know. Thanks!

 $conn = mysqli_connect("localhost", "root", "password", "databaseimage") or die('Error Connecting.');
 $sql = "INSERT INTO `images` (name,size,type,datetime,lat,long) VALUES ($imageName,$imageSize,$imageType,$datetime,$lat,$long)";
 if(mysqli_query($conn, $sql)) {
    echo "Added to database successfully!";
 } else {
    echo "Error sending query!";
    printf("\nErrormessage: %s\n", mysqli_error($conn));
 }

I have tried it with and without `` marks. I have tried it with single quotes around each variable. I have tried just sending raw data through and it still errors out.

Improve this question
4
  • Ok, try adding single quotes on string variables, like: VALUES ('$imageName',$imageSize,'$imageType',etc..) Commented Jul 2, 2013 at 23:30
  • 2
    The issue is with long Commented Jul 2, 2013 at 23:30
  • You should really use prepared statements instead of injecting your variables (unquoted...) in your sql statement. Commented Jul 2, 2013 at 23:31
  • prepare them like using PDO? Commented Jul 2, 2013 at 23:43

2 Answers 2

Reset to default
4

LONG is a mySQL reserved word: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

One way to fix it is to wrap those words in backticks:

INSERT INTO `images` (name,size,type,datetime,lat,`long`) VALUES ('$imagename'....

But it's much better practice to avoid using reserved words as column or table names if you can - as you've discovered, it leads to odd situations like this.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I did what you said and got this... Errormessage: Unknown column 'jpeg.jpg' in 'field list'
You'll also need to use single quotes around column values - I've updated the answer. You should look at moving to mysqli_*or PDO, though; both will help you write SQL that's a lot more secure.
Ah, mea culpa - yes you are; you're not using prepared statements, though. Putting variables directly into your SQL can be dangerous - if there's an image with a quote in the name, it will break your SQL statement; and there are more malicious things possible than that.
0

The query should look like

$sql = "INSERT INTO `images` (name,size,type,datetime,lat,`long`) VALUES ('$imageName',$imageSize,'$imageType','$datetime',$lat,$long)";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.