PDA

View Full Version : I have an error in my SQL syntax?



cmxsevenfoldxmc
05-08-2008, 07:27 PM
Hi everyone,

I keep getting this error everytime I try to insert a record into my database:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show) VALUES ('System being tested', 'Testing', '0000-00-00', 'C' at line 1


Here's the PHP code I'm using:



$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "InfoForm")) {
$insertSQL = sprintf("INSERT INTO TS_FAQS (question, answer, `date`, author, email, show) VALUES (%s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['question'], "text"),
GetSQLValueString($_POST['answer'], "text"),
GetSQLValueString($_POST['date'], "text"),
GetSQLValueString($_POST['name'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['show'], "text"));

mysql_select_db($database_TireSafe_Database, $TireSafe_Database);
$Result1 = mysql_query($insertSQL, $TireSafe_Database) or die(mysql_error());
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "InfoForm")) {
$updateSQL = sprintf("UPDATE TS_FAQs_Temp SET answered=%s WHERE show=%s",
GetSQLValueString($_POST['answered'], "text"),
GetSQLValueString($_POST['show'], "text"));

mysql_select_db($database_TireSafe_Database, $TireSafe_Database);
$Result1 = mysql_query($updateSQL, $TireSafe_Database) or die(mysql_error());
}


And here's the code for the form that gets this info:


<form id="InfoForm" name="InfoForm" method="POST" action="<?php echo $editFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="40%" class="TablePad3"><div align="right">Name:</div></td>
<td class="TablePad3"><div align="left">
<input name="name" type="text" class="LoginBoxes" id="name" value="<?php echo $row_FAQs_Temp['name']; ?>" size="30" />
</div></td>
</tr>
<tr>
<td width="40%" class="TablePad3"><div align="right">Date:</div></td>
<td class="TablePad3"><div align="left">
<input name="date" type="text" class="LoginBoxes" id="date" value="<?php echo $row_FAQs_Temp['date']; ?>" size="30" />
</div></td>
</tr>
<tr>
<td width="40%" class="TablePad3"><div align="right">Email:</div></td>
<td class="TablePad3"><div align="left">
<input name="email" type="text" class="LoginBoxes" id="email" value="<?php echo $row_FAQs_Temp['email']; ?>" size="30" />
</div></td>
</tr>
<tr>
<td class="TablePad3"><div align="right">Question:</div></td>
<td class="TablePad3"><textarea name="question" cols="45" rows="5" class="LoginBoxes" id="question"><?php echo $row_FAQs_Temp['question']; ?></textarea></td>
</tr>
<tr>
<td class="TablePad3"><div align="right">Answer:</div></td>
<td class="TablePad3"><textarea name="answer" cols="45" rows="5" class="LoginBoxes" id="answer"></textarea>
</td>
</tr>
<tr>
<td class="TablePad3"><div align="right">Show in Website?:</div></td>
<td align="left" class="TablePad3"><select name="show" class="LoginBoxes" id="show">
<option value="NO" selected="selected">No</option>
<option value="YES">Yes</option>
</select>
</td>
</tr>
</table>
<p>
<input name="Answer" type="submit" class="LoginButtons" id="Answer" value="Answer" />
<input name="reset" type="reset" class="LoginButtons" id="reset" value="Reset" />
</p>
<input type="hidden" name="MM_insert" value="InfoForm" />
<input type="hidden" name="answered" value="YES" />
<input type="hidden" name="MM_update" value="InfoForm" />
</form>

Any suggestions?

Thank you all very much in advance.

Inigoesdr
05-08-2008, 07:43 PM
"SHOW" is a reserved keyword. Wrap your column names in `backticks` or change the name of the column to something else.

cmxsevenfoldxmc
05-08-2008, 08:57 PM
Inigoesdr, that worked like a charm!

Thank you.

aedrin
05-08-2008, 11:21 PM
mysql_select_db($database_TireSafe_Database, $TireSafe_Database);

You don't need to do this before every query. You can put this code at the point where you connect to your database.