Error trying to get form data into mysql

Databases
1

I’m using this code to get my post data into my database


$sql="INSERT INTO nproducts (title, ref, desc, imgloc, keywords, price)
VALUES
('$_POST[title]','','$_POST[dec]','$_POST[imgloc]','$_POST[keywords]','$_POST[price]')";

but im getting this error msg, ref is set as auto inc, do I even need to include this with the insert? I have tried with and without it but same problem.


Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, imgloc, keywords, price) VALUES ('Oven34','','Variables are one of the cor' at line 1

be helpful if someone can point me in the right direction, I’m not sure how to find out where my problem lies.

2

Indeed, you can (and should) omit from the query entirely.

3

You can, but as you say it’s a bad idea :slight_smile:

As for the query, “desc” is a reserved keyword in MySQL, so you need to backtick it in your query:

desc

Also, you might want to look at the mysql_real_escape_string() function, as your code is currently vulnerable to SQL Injection.

4

Well #1 this is an SQL question, not a PHP one.

#2: You do not need (And should not… if not CAN not) try to assign a value to an Auto Incrementing Field. the SQL engine does that for you.

5

thats what I thought, does that mean i don’t need to even pur ref in there?

6

Super! thanks very much :slight_smile: