0

I know what a syntax error is but I can't find the problem in my syntax. I did the SQL in phpMyAdmin first and now I've just copied it and put variables in.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's new carving chisels. 1 x 13mm 4-point finishing claw Chisel. Southern St' at line 3

Code:

public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
    mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
        VALUES (
        '$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
        )") or die(mysql_error());
}

Many Thanks.

2
  • 3
    You need to escape your user input. Commented Sep 25, 2013 at 11:32
  • 1
    The error is coming from the fact that you have a single quote in your data. You should use a function like mysql_real_escape_string before concatenating values. Better use mysqli and binding. Commented Sep 25, 2013 at 11:33

3 Answers

1

You need to apply mysql_real_escape_string over each variable before running the insert query

public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){

    $vendor = mysql_real_escape_string($vendor);
    $product_link = mysql_real_escape_string($product_link);
    $product_title = mysql_real_escape_string($product_title);
    $product_desc = mysql_real_escape_string($product_desc);
    $product_price = mysql_real_escape_string($product_price);

    mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
        VALUES (
        '$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
        )") or die(mysql_error());
}

1

The tables need no grave accents, e.g. "`vendor`" should just be "vendor", and try to write the variables like this:

VALUES ( '".$vendor."', 

it should work then.

And what sythnet wrote about mysql_query($con applies to mysqli_query, not to mysql_query.


0

Escape the inputs. Use mysql_real_escape_string.


Also have a look at: Why shouldn't I use mysql_* functions in PHP?
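
The binding suggested in the comments, as an added example that is not from any of the posts: the same insert_row written with a prepared statement, so the apostrophe in the description never reaches the SQL text. It assumes PDO with an in-memory SQLite database standing in for the MySQL server (so it runs offline), and the sample row is constructed.

```php
<?php
// Added example, not the asker's code. Assumption: PDO with an in-memory
// SQLite database stands in for MySQL; the table mirrors the question's columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE crawl_products (
    vendor TEXT, product_link TEXT, product_title TEXT,
    product_desc TEXT, product_price TEXT
)');

function insert_row(PDO $pdo, $vendor, $product_link, $product_title, $product_desc, $product_price)
{
    // Placeholders keep the values out of the SQL string, so a quote in the
    // data cannot terminate the literal the way it did in the question.
    $stmt = $pdo->prepare(
        'INSERT INTO crawl_products
            (vendor, product_link, product_title, product_desc, product_price)
         VALUES (:vendor, :link, :title, :descr, :price)'
    );
    $stmt->execute([
        ':vendor' => $vendor,
        ':link'   => $product_link,
        ':title'  => $product_title,
        ':descr'  => $product_desc,
        ':price'  => $product_price,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample row: the description contains an apostrophe, the
// character that broke the concatenated query.
$desc = "Southern Stone's new carving chisels. 1 x 13mm 4-point finishing claw Chisel.";
$id = insert_row($pdo, 'example-vendor', 'http://example.invalid/p/1',
                 '13mm claw chisel', $desc, '12.50');

// Read the row back and confirm the value was stored byte for byte.
$check = $pdo->prepare('SELECT product_desc FROM crawl_products WHERE rowid = :id');
$check->execute([':id' => $id]);
$stored = $check->fetchColumn();

if ($stored !== $desc) {
    throw new RuntimeException('stored description differs from input');
}
echo "row $id stored intact: $stored\n";
```

Against MySQL only the DSN changes (a `mysql:host=...;dbname=...;charset=utf8mb4` string with your own values); setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server do the binding.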
