MySQL error “right syntax to use near 'update”
Question
I am getting this error Unhandled Exception.
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'update, desc, indir, time) VALUES(?, ?, ?, ?, ?, ?, ?, 1392556810)' at line 1
whenever i submit the form. Here is source code
if(!is_admin())
{
header("Location: $config->url");
exit;
}
$cid = intval($_GET['id']);
if($_GET['act'] == 'add')
{
$db->bind(id,$cid);
$file = $db->row("SELECT * FROM `".PREFIX."category` WHERE `id`=:id");
if(!$file)
{
$file = new stdClass();
$file->path = "/files";
}
if(!is_dir("..".$file->path))
{
header("Location: $config->url");
exit;
}
if($_POST['save'])
{
$name=$_POST['name'];
$icon=$_POST['icon'];
if($db->count("SELECT COUNT(id) FROM `".PREFIX."category` WHERE `path` = '".$file->path."/".$name."'") == 0)
{
$path=''.$file->path.'/'.$name.'';
$desc=$_POST['desc'];
if(isset($_POST['new']))
$new=1;
else
$new=0;
if(isset($_POST['update']))
$update=1;
else
$update=0;
$time=time();
$insert=$db->query("INSERT INTO ".PREFIX."category(name, path, icon, new, update, desc, indir, time) VALUES(:name, :path, :icon, :new, :update, :desc, :id, $time)", array("name"=>"$name","icon"=>"$icon","new"=>"$new","update"=>"$update","path"=>"$path","id"=>"$cid","desc"=>"$desc"));
if($insert>0)
{
mkdir("..".$file->path."/".$name,0777);
header("Location: $config->url/cat/".$cid."/'".htmli(converturl($file->name)).".html");
}
}
echo 'already exixs';
}
else
echo '<form method="post" action="#">Name : <input type="text" name="name" /><br/>Description : <input type="text" name="desc" /><br/>Icon : <input type="text" name="icon" /><br/><input type="radio" name="new" value="1" /> New<br/><input type="radio" name="update" value="1" /> Update<br/><br/><input type="submit" name="save" value="Add" /></form>';
}
2 answers
solution1
2 2014-02-16 13:37:13
This is your insert statement:
INSERT INTO ".PREFIX."category(name, path, icon, new, update, desc, indir, time)
VALUES(:name, :path, :icon, :new, :update, :desc, :id, $time)
Several of the column names are reserved words in MySQL. You need to escape them:
INSERT INTO ".PREFIX."category(name, path, icon, `new`, `update`, `desc`, indir, `time`)
VALUES(:name, :path, :icon, :new, :update, :desc, :id, $time);
The list of reserved words is here .
In general, you should avoid using these words as identifiers. They are already used in MySQL for other purposes. But, if you have to use them, then you need to escape them each time. (Note: I also escaped "time". You'll note at the end of the list of reserved words are a handful that are allowed, because they have been so commonly used. But time is the name of both a type and function, so it should also be reserved.)
solution2
0 ACCPTED 2014-02-16 13:39:20
Check your query here
$insert=$db->query("INSERT INTO
".PREFIX."category(name, path, icon, new, update, desc
Here update / desc / new are all keyword/reserveword; so you will have to quote it like
$insert=$db->query("INSERT INTO
".PREFIX."category(name, path, icon, `new`, `update`, `desc`
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.