Hi There,

I'm counting on ya'll for this one! I could probably figure it out if I really got into it, but I don't have much time I'm afraid.

Here's a simple form used to enter data into an SQL database and copy and uploaded file onto the virtual site:

Code:
<br>
<b><a href="urlupload.php3">Upload a URL to a File</a></b>
<br><hr><br>
<form action="upload2.php3" method="post" enctype="multipart/form-data">
<br>Upload a File: <input type="file" name="uploadfile"><br>
File Name: <input type="text" name="uploadname"> - 
<select name="uploadformat">
<option selected value="txt">TXT</option>
<option value="doc">DOC</option>
<option value="pdf">PDF</option>
<option value="rtf">RTF</option>
</select><br>
<b>Description: </b><br>
<textarea name="description" rows="5" cols="25" wrap></textarea><br>
<input type="submit" name="uploadsubmit" value="Upload"></form>
Here's the file that form points to...

Code:
<?php
if (copy($uploadfile, "../files/$uploadname.$uploadformat")) {
include("../connect.inc");
  $sql = "INSERT INTO files SET " .
         "uploadname='$uploadname', " .
         "uploadformat='$uploadformat', " .
         "description='$description'";
  if (mysql_query($sql)) {
    echo("<br>");
  } else {
    echo("<P>Error adding submitted entry: " .
         mysql_error() . "</P>");
  }
echo("File successfully uploaded<p><b>" . 
     "<a href=\"../files\"></a></b>");
}

else {
echo("There was a problem with the file...<p><center><b>" . 
     "<a href=\"upload.php\">Try It Again!</a></b></center>");
}
unlink($uploadfile);
?>
The code sucessfully copies the file, but produces this SQL error:

Error adding submitted entry: parse error near 'SET uploadname='Auto', uploadformat='txt', description='TEST'' at line 1

I notice the two single quotes at the end there, but don't see where they're coming from.

Any help would be highly appreciated. Like I said: I'm sorry if I'm dumping on you guys. I know I can figure this out, but am in a major rush.

Thanks so much!