0

Hey,

I am having trouble with some code I am using. I have used this same code on a different site but it doesnt seem to work now on this site.
I am trying to insert something into my database. however I keep getting this error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, story, cost, rrp, wt, size, top, fashion, active, lifestyle, sale) VALUES ' at line 1

My Code is below (sorry there is a bit of it, but I don't know what part is giving me issues, as line 1 isn't reffering to my code?)

$OK = false;
	$done = false;

if (array_key_exists('publish', $_POST)) {

	try {
		$id = NULL;
		$stock = $_POST['stock'];
		$brand = $_POST['brand'];
		$name = $_POST['name'];
		$code = $_POST['code'];
		$desc = $_POST['desc'];
		$story = $_POST['story'];
		$rrp = $_POST['rrp'];
		$cost = $_POST['cost'];
		$weight = $_POST['wt'];
		$size = $_POST['size'];
		$top = $_POST['top'];
		$fashion = $_POST['fashion'];
		$active = $_POST['active'];
		$lifestyle = $_POST['lifestyle'];
		$sale = $_POST['sale'];
		
		/*** connect to db ***/
		$conn = dbConnect('admin');
		/*** set the error mode ***/
		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

		/*** our sql query ***/
		$done = $conn->prepare("INSERT INTO product_info (id, stock, brand, name, code, desc, story, cost, rrp, wt, size, top, fashion, active, lifestyle, sale) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
 
		/*** bind the params ***/
		$done->bindParam(1, $id);
		$done->bindParam(2, $stock);
		$done->bindParam(3, $brand);
		$done->bindParam(4, $name);
		$done->bindParam(5, $code);
		$done->bindParam(6, $desc);
		$done->bindParam(7, $story);
		$done->bindParam(8, $rrp);
		$done->bindParam(9, $cost);
		$done->bindParam(10, $weight);
		$done->bindParam(11, $size);
		$done->bindParam(12, $top);
		$done->bindParam(13, $fashion);
		$done->bindParam(14, $active);
		$done->bindParam(15, $lifestyle);
		$done->bindParam(16, $sale);

		/*** execute the query ***/
		$done->execute();
	}
    catch(Exception $e) {
        echo '<h4>'.$e->getMessage().'</h4>';
    }
}
	if ($done) {
		header ("refresh:10;url=index.php");
		echo 'Sending...........................<br />';	
		exit;
	}
	// display error message if query fails
	if (isset($update) && !$OK && !$done) {
//			$message[] = "There was a problem updating the team, please try again or contact Q Web Development";
			$error = $update->errorInfo();
			if (isset($error[2])) {
				echo $error[2];
			}
	}

If your able to point out what I've done wrong, or how I can fix it, I would greatly appreciate it.

Cheers,

Qwaz

2
Contributors
1
Reply
3
Views
7 Years
Discussion Span
Last Post by cwarn23
0

Try replacing line 31 with the following.

$done = $conn->prepare("INSERT INTO product_info (id, stock, brand, name, code, desc, story, cost, rrp, wt, size, top, fashion, active, lifestyle, sale) VALUES ('?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?')");

That is assuming all of the columns are strings. If any of the column types are integers then replace the value of the column with the number 0 and no quotes for integer columns. (By the way integer==number).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.