Hey,

I am having trouble with some code I am using. I have used this same code on a different site but it doesn't seem to work now on this site.
I am trying to insert something into my database. However, I keep getting this error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, story, cost, rrp, wt, size, top, fashion, active, lifestyle, sale) VALUES ' at line 1

My code is below (sorry there is a bit of it, but I don't know what part is giving me issues, as line 1 isn't referring to my code?)

$OK = false;
	$done = false;

if (array_key_exists('publish', $_POST)) {

	try {
		$id = NULL;
		$stock = $_POST['stock'];
		$brand = $_POST['brand'];
		$name = $_POST['name'];
		$code = $_POST['code'];
		$desc = $_POST['desc'];
		$story = $_POST['story'];
		$rrp = $_POST['rrp'];
		$cost = $_POST['cost'];
		$weight = $_POST['wt'];
		$size = $_POST['size'];
		$top = $_POST['top'];
		$fashion = $_POST['fashion'];
		$active = $_POST['active'];
		$lifestyle = $_POST['lifestyle'];
		$sale = $_POST['sale'];
		
		/*** connect to db ***/
		$conn = dbConnect('admin');
		/*** set the error mode ***/
		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

		/*** our sql query ***/
		$done = $conn->prepare("INSERT INTO product_info (id, stock, brand, name, code, desc, story, cost, rrp, wt, size, top, fashion, active, lifestyle, sale) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
 
		/*** bind the params ***/
		$done->bindParam(1, $id);
		$done->bindParam(2, $stock);
		$done->bindParam(3, $brand);
		$done->bindParam(4, $name);
		$done->bindParam(5, $code);
		$done->bindParam(6, $desc);
		$done->bindParam(7, $story);
		$done->bindParam(8, $rrp);
		$done->bindParam(9, $cost);
		$done->bindParam(10, $weight);
		$done->bindParam(11, $size);
		$done->bindParam(12, $top);
		$done->bindParam(13, $fashion);
		$done->bindParam(14, $active);
		$done->bindParam(15, $lifestyle);
		$done->bindParam(16, $sale);

		/*** execute the query ***/
		$done->execute();
	}
    catch(Exception $e) {
        echo '<h4>'.$e->getMessage().'</h4>';
    }
}
	if ($done) {
		header ("refresh:10;url=index.php");
		echo 'Sending...........................<br />';	
		exit;
	}
	// display error message if query fails
	if (isset($update) && !$OK && !$done) {
//			$message[] = "There was a problem updating the team, please try again or contact Q Web Development";
			$error = $update->errorInfo();
			if (isset($error[2])) {
				echo $error[2];
			}
	}

If you're able to point out what I've done wrong, or how I can fix it, I would greatly appreciate it.

Cheers,

Qwaz

Try replacing line 31 with the following.

$done = $conn->prepare("INSERT INTO product_info (id, stock, brand, name, code, desc, story, cost, rrp, wt, size, top, fashion, active, lifestyle, sale) VALUES ('?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?')");

That is assuming all of the columns are strings. If any of the column types are integers then replace the value of the column with the number 0 and no quotes for integer columns. (By the way integer==number).
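
Added example (not part of either post above, and not the poster's code): `desc` is a reserved word in MySQL, which is why error 1064 points at 'desc, story, ...', and a `?` inside single quotes is a string literal rather than a placeholder. The code below backtick-quotes the column names from the question, checks them against an allow-list because identifiers cannot be bound, and leaves the placeholders bare; `build_insert()`, `PRODUCT_COLUMNS` and the sample row are hypothetical names and constructed data.

```php
<?php
// Added example, not the poster's code. The column list is copied from the
// question; build_insert() and PRODUCT_COLUMNS are hypothetical names.

const PRODUCT_COLUMNS = ['id', 'stock', 'brand', 'name', 'code', 'desc', 'story',
    'cost', 'rrp', 'wt', 'size', 'top', 'fashion', 'active', 'lifestyle', 'sale'];

/**
 * Build an INSERT with backtick-quoted identifiers and bare named placeholders.
 * $table must be a fixed literal chosen by the caller, never request data.
 * Returns [sql, params] ready for PDO::prepare() and PDOStatement::execute().
 */
function build_insert(string $table, array $row, array $allowed): array
{
    $cols = [];
    $params = [];
    foreach ($row as $col => $value) {
        // Identifiers cannot be bound, so only allow-listed names reach the SQL text.
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("Unexpected column: $col");
        }
        $cols[] = '`' . $col . '`';    // `desc` is read as a column name, not the DESC keyword
        $params[':' . $col] = $value;  // the value travels separately from the SQL text
    }
    $sql = sprintf('INSERT INTO `%s` (%s) VALUES (%s)',
        $table, implode(', ', $cols), implode(', ', array_keys($params)));
    return [$sql, $params];
}

// Constructed sample input standing in for the $_POST fields in the question.
$row = ['id' => null, 'stock' => '12', 'brand' => 'Acme', 'name' => "O'Neill tee",
        'code' => 'AC-001', 'desc' => 'Cotton t-shirt', 'story' => '', 'cost' => '9.50',
        'rrp' => '19.99', 'wt' => '0.2', 'size' => 'M', 'top' => '1', 'fashion' => '0',
        'active' => '1', 'lifestyle' => '0', 'sale' => '0'];

[$sql, $params] = build_insert('product_info', $row, PRODUCT_COLUMNS);
echo $sql, PHP_EOL;

// With the question's connection (dbConnect() is the poster's own function):
// $conn = dbConnect('admin');
// $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// $conn->prepare($sql)->execute($params);
```

The apostrophe in the constructed `name` value needs no escaping because it is sent as a bound parameter and never becomes part of the SQL string.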
