Hi, I've just come across this syntax error and have no idea how to go about fixing it. Hope someone can help? I'm using phpMyAdmin # Server version: 5.0.45 # Protocol version: 10

Here is the error:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES('test my a', 'img/photo/tab_bg.gif', 'img/thumb/tab_bg.gif', '')' at line 1"

<?php

require 'config.php';
require 'functions.php';
require 'common.php';


if(isset($_FILES['fupload'])) {

    $filename = addslashes($_FILES['fupload']['name']);
    $source = $_FILES['fupload']['tmp_name'];    
    $target = $path_to_image_directory . $filename;
    $description = $_POST['description']; 
	$category = addslashes($_POST['category']); 
    $source = $path_to_image_directory . $filename;
    $thumb = $path_to_thumbs_directory  . $filename;    
    
    
    // Validates the form input
    
    if(strlen($_POST['description']) < 4) 
    $error['description'] = '<p class="alert">Please enter a description for your photo. </p>';
	
    
    // extensions grouped so the leading dot and the $ anchor apply to every alternative
    if($filename == '' || !preg_match('/[.](jpg|gif|png|jpeg)$/', $filename)) 
    $error['no_file'] = '<p class="alert">Please select an image, dummy! </p>';
    
    if(!$error) {
        move_uploaded_file($source, $target);    
        
        $q = "INSERT INTO photo (description, source, thumb, category,) VALUES('$description', '$source', '$thumb', '$category')";
        $result = $mysqli->query($q) or die(mysqli_error($mysqli));
        
        if($result) {
            echo "Success! Your file has been uploaded";
        }
        
        createThumbnail($filename);
        
    }  // end preg_match
}     

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
	<link rel="stylesheet" href="css/default.css" />
	<title>My Photos</title>
</head>

<body>
    <h1>My Photos</h1>
    <ul><?php getPhotos(); ?></ul>

    <h1>Upload a Photo</h1>
    <form enctype="multipart/form-data" method="post" action="admin.php">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
	    <p><input type="file" name="fupload" /></p>
	    
	    <p><label for="description">Enter a Description: </label>
	    <textarea rows="6" cols="50" id="description" name="description"></textarea></p>
        
        Please choose a category:
            <select name="select">
      <option>Sports</option>
      <option>London</option>
      <option>Macro</option>
      <option>Landscapes</option>
      <option>Local</option>
    </select>
	    
	    <p><input type="submit" value="Upload Photo" name="submit" /></p>
    </form>

Hi there,
You need to apply addslashes() to $_POST. SQL will not accept special chars without them first being escaped.

Code updated:

<?php

require 'config.php';
require 'functions.php';
require 'common.php';


if(isset($_FILES['fupload'])) {

    $filename = addslashes($_FILES['fupload']['name']);
    $source = $_FILES['fupload']['tmp_name'];    
    $target = $path_to_image_directory . $filename;
    $description = addslashes($_POST['description']); 
	$category = addslashes($_POST['category']); 
    $source = $path_to_image_directory . $filename;
    $thumb = $path_to_thumbs_directory  . $filename;    
    
    
    // Validates the form input
    
    if(strlen($_POST['description']) < 4) 
    $error['description'] = '<p class="alert">Please enter a description for your photo. </p>';
	
    
    // extensions grouped so the leading dot and the $ anchor apply to every alternative
    if($filename == '' || !preg_match('/[.](jpg|gif|png|jpeg)$/', $filename)) 
    $error['no_file'] = '<p class="alert">Please select an image, dummy! </p>';
    
    if(!$error) {
        move_uploaded_file($source, $target);    
        
        $q = "INSERT INTO photo (description, source, thumb, category,) VALUES('$description', '$source', '$thumb', '$category')";
        $result = $mysqli->query($q) or die(mysqli_error($mysqli));
        
        if($result) {
            echo "Success! Your file has been uploaded";
        }
        
        createThumbnail($filename);
        
    }  // end preg_match
}     

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
	<link rel="stylesheet" href="css/default.css" />
	<title>My Photos</title>
</head>

<body>
    <h1>My Photos</h1>
    <ul><?php getPhotos(); ?></ul>

    <h1>Upload a Photo</h1>
    <form enctype="multipart/form-data" method="post" action="admin.php">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
	    <p><input type="file" name="fupload" /></p>
	    
	    <p><label for="description">Enter a Description: </label>
	    <textarea rows="6" cols="50" id="description" name="description"></textarea></p>
        
        Please choose a category:
            <select name="select">
      <option>Sports</option>
      <option>London</option>
      <option>Macro</option>
      <option>Landscapes</option>
      <option>Local</option>
    </select>
	    
	    <p><input type="submit" value="Upload Photo" name="submit" /></p>
    </form>

Thank you! I also had an extra comma after $category, which I just noticed on your post lol. Thanks again.
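
An added example, not code from any poster in this thread: the same insert done with bound parameters and an extension allow-list instead of addslashes() and string interpolation, with the column list free of the trailing comma. It assumes the thread's `photo` table and a connected `$mysqli`; `safeImageName`, `insertPhoto` and the two constants are hypothetical names.

```php
<?php
// Added example. Assumes the thread's `photo` table; all names below are hypothetical.

const ALLOWED_EXT        = ['jpg', 'jpeg', 'gif', 'png'];
// Taken from the <option> values in the thread's upload form.
const ALLOWED_CATEGORIES = ['Sports', 'London', 'Macro', 'Landscapes', 'Local'];

// Returns a safe base name, or null when the final extension is not on the allow-list.
function safeImageName(string $clientName): ?string
{
    // Drop any client-supplied directory part (both slash styles).
    $base = basename(str_replace('\\', '/', $clientName));
    // Only the last extension counts, so "x.gif.php" is judged as "php".
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($base === '' || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Keep only characters that are harmless in a path and in HTML output.
    return preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
}

// Values travel as bound parameters, so quotes in $description need no escaping
// and cannot change the shape of the statement.
function insertPhoto(mysqli $db, string $description, string $source,
                     string $thumb, string $category): bool
{
    if (!in_array($category, ALLOWED_CATEGORIES, true)) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO photo (description, source, thumb, category) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssss', $description, $source, $thumb, $category);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample names run through the allow-list check.
foreach (['tab_bg.gif', 'gif.php', 'notes.png.php', '../../x.JPG'] as $name) {
    var_dump(safeImageName($name));
}
```

In the upload handler, the name returned by `safeImageName` replaces `$filename` before the target paths are built, and `insertPhoto` replaces the interpolated `$q` string.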
