
SQL syntax error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'Pappu Akondo', 'Java')' at line 238.

This message is shown when I submit the form. Here Pappu Akondo is the author field value and Java is the Tags field value.

My HTML code

 <div class="block">               
        <form action="addpost.php" method="post" enctype="multipart/form-data">
            <table class="form">

                <tr>
                    <td>
                        <label>Title</label>
                    </td>
                    <td>
                        <input type="text" name="title" placeholder="Enter Post Title..." class="medium" />
                    </td>
                </tr>

                <tr>
                    <td>
                        <label>Category</label>
                    </td>
                    <td>
                        <select id="select" name="cat">
                            <option>Select category</option>
                            <?php
                            $query = "select * from tbl_category";
                            $result = $db->select($query);
                            if ($result) {
                                while ($row = $result->fetch_assoc()) {
                                    ?>
                                    <option value="<?php echo $row['id']; ?>"><?php echo $row['name']; ?></option>
                                    <?php
                                }
                            }
                            ?>

                        </select>
                    </td>
                </tr>

                <tr>
                    <td>
                        <label>Upload Image</label>
                    </td>
                    <td>
                        <input type="file" name="image"/>
                    </td>
                </tr>
                <tr>
                    <td style="vertical-align: top; padding-top: 9px;">
                        <label>Content</label>
                    </td>
                    <td>
                        <textarea name="body" class="tinymce"></textarea>
                    </td>
                </tr>
                <tr>
                    <td>
                        <label>Author</label>
                    </td>
                    <td>
                        <input type="text" name="author" placeholder="Enter Author name..." class="medium" />
                    </td>
                </tr>
                <tr>
                    <td>
                        <label>Tags</label>
                    </td>
                    <td>
                        <input type="text" name="tags" placeholder="Enter tags here..." class="medium" />
                    </td>
                </tr>

                <tr>
                    <td></td>
                    <td>
                        <input type="submit" name="submit" Value="Save" />
                    </td>
                </tr>
            </table>
        </form>
    </div>

My PHP code

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $title = mysqli_real_escape_string($db->link, $_POST['title']);
    $cat = mysqli_real_escape_string($db->link, $_POST['cat']);
    $body = mysqli_real_escape_string($db->link, $_POST['body']);
    $author = mysqli_real_escape_string($db->link, $_POST['author']);
    $tags = mysqli_real_escape_string($db->link, $_POST['tags']);

    $permited = array('jpg', 'jpeg', 'png', 'gif');
    $file_name = $_FILES['image']['name'];
    $file_size = $_FILES['image']['size'];
    $file_temp = $_FILES['image']['tmp_name'];

    $div = explode('.', $file_name);
    $file_ext = strtolower(end($div));
    $unique_image = substr(md5(time()), 0, 10) . '.' . $file_ext;
    $uploaded_image = "upload/" . $unique_image;
    if ($title == "" || $cat == "" || $body == "" || $file_name == "" || $author == "" || $tags == "") {
        echo "<span class='error'>Field must not be empty !!</span>";
    } elseif ($file_size > 1048567) {
        echo "<span class='error'>Image Size should be less then 1MB! </span>";
    } elseif (in_array($file_ext, $permited) === false) {
        echo "<span class='error'>You can upload only:-"
            . implode(', ', $permited) . "</span>";
    } else {
        move_uploaded_file($file_temp, $uploaded_image);
        $query = "INSERT INTO `tbl_post`(cat, title, body, image, author, tags) 
        VALUES('$cat', '$title', '$body', $uploaded_image', '$author', '$tags')";
        $inserted_rows = $db->insert($query);
        if ($inserted_rows) {
            echo "<span class='success'>Data Inserted Successfully.</span>";
        } else {
            echo "<span class='error'>Data Not Inserted !</span>";
        }
    }
}
?>

Missing quote before $uploaded_image:

$query = "INSERT INTO `tbl_post`(cat, title, body, image, author, tags) 
    VALUES('$cat', '$title', '$body', '$uploaded_image', '$author', '$tags')";
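
The same INSERT written as a mysqli prepared statement, so no value is quoted by hand and a dropped quote cannot break the statement. This is an added example, not part of the original answer; `insert_post` is a hypothetical helper name, and it assumes `$db->link` is the `mysqli` connection used in the question and that `cat` holds an integer category id.

```php
<?php
// Added example: insert_post() is a hypothetical helper; the table and
// column names are the ones from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function insert_post(mysqli $link, array $post, string $imagePath): int
{
    // The placeholders carry no quotes. Values are sent separately from
    // the SQL text, so they can never change the statement's syntax.
    $sql = 'INSERT INTO `tbl_post` (cat, title, body, image, author, tags)
            VALUES (?, ?, ?, ?, ?, ?)';
    $stmt = $link->prepare($sql);

    // Pass the raw form values: escaping them first with
    // mysqli_real_escape_string() would store stray backslashes.
    // Assumption: cat is an integer id (the form posts $row['id']).
    $cat    = (int) ($post['cat'] ?? 0);
    $title  = trim((string) ($post['title'] ?? ''));
    $body   = (string) ($post['body'] ?? '');
    $author = trim((string) ($post['author'] ?? ''));
    $tags   = trim((string) ($post['tags'] ?? ''));

    // 'i' = integer, 's' = string, in the same order as the placeholders.
    $stmt->bind_param('isssss', $cat, $title, $body, $imagePath, $author, $tags);
    $stmt->execute();

    $rows = $stmt->affected_rows; // 1 when the row was inserted
    $stmt->close();
    return $rows;
}

// Usage in addpost.php, after move_uploaded_file() has succeeded:
// try {
//     $inserted_rows = insert_post($db->link, $_POST, $uploaded_image);
// } catch (mysqli_sql_exception $e) {
//     error_log($e->getMessage()); // keep SQL details out of the page
//     $inserted_rows = 0;
// }
```

Catching `mysqli_sql_exception` and logging it also keeps the raw MySQL error text, like the message quoted in the question, from being shown to whoever submits the form.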
