Question

I get this error when I try to execute the code below:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,dir,pais,tel,fax,email,url,pic) VALUES ('lucent','que lio','sadsad','dsadsa' at line 1

<?php 
    include('config.php');
    if(isset($_POST['submit'])) {
        $usuario = $login_session;
        $name = $_POST['empname'];
        $desc = $_POST['empdesc'];
        $dir = $_POST['empdir'];
        $pais = $_POST['empais'];
        $tel = $_POST['emptel'];
        $fax = $_POST['empfax'];
        $email = $_POST['empemail'];
        $url = $_POST['empurl'];
        $pic = 'nopic.png';

        $success = "INSERT INTO empresas
                (usuario,name,desc,dir,pais,tel,fax,email,url,pic) 
            VALUES('$usuario','$name','$desc','$dir','$pais',
                '$tel','$fax','$email','$url','$pic')";

        $data = mysql_query ($success)or die(mysql_error());

    }

Solution 2

Any time you see this:

... for the right syntax to use near...

The error is at the very beginning of what "near" is telling you. In this case it's the word desc which is a reserved word in SQL (for ordering things in descending order). I recommend not using it as a column name (or any other reserved word), but if that's not possible then you'll just need to wrap it in back-ticks to indicate that it's an object name and not a keyword:

INSERT INTO empresas(usuario,name,`desc`,dir,pais,tel,fax,email,url,pic)...

It's often a good idea to wrap object names like this anyway, making queries more explicit. Though honestly you should take this a step further and use something like PDO for building your queries. At the very least, please be aware that your current code is highly vulnerable to SQL injection attacks and start reading this.

OTHER TIPS

The syntax error you're experiencing is because desc is a MySQL reserved word.

If you want to use it as a field name, you'll need to quote it;

INSERT INTO empresas(usuario, name, `desc`, dir, pais, tel, fax, email, url, pic) VALUES ... 

You should also strongly consider not using the deprecated mysql_* API; the newer APIs like PDO or MySQLi give you access to prepared statements, which will prevent SQL injection, which your code has problems with.
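
The PDO approach recommended in the answers above, as an added example that is not code from the question or from any of the answers: the same INSERT with `desc` backtick-quoted and every value bound as a parameter. The in-memory SQLite connection, the `FIELD_MAP` constant, the `insertEmpresa` helper and the sample input are assumptions made so the block runs without a database server.

```php
<?php
// Added example: the question's INSERT rebuilt with a PDO prepared statement.
// Assumption: in-memory SQLite so it runs without a server (SQLite also accepts
// MySQL-style backticks). For MySQL use a DSN such as
// 'mysql:host=localhost;dbname=app;charset=utf8mb4' (placeholder values).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema mirroring the question's column list.
$pdo->exec('CREATE TABLE `empresas` (`usuario` TEXT, `name` TEXT, `desc` TEXT,
    `dir` TEXT, `pais` TEXT, `tel` TEXT, `fax` TEXT, `email` TEXT, `url` TEXT,
    `pic` TEXT)');

// Column => form field, as in the question. Identifiers are fixed in code and
// never come from the request, so backtick-quoting them is safe.
const FIELD_MAP = [
    'name' => 'empname', 'desc' => 'empdesc', 'dir' => 'empdir',
    'pais' => 'empais', 'tel' => 'emptel', 'fax' => 'empfax',
    'email' => 'empemail', 'url' => 'empurl',
];

// Hypothetical helper: inserts one row using named placeholders only.
function insertEmpresa(PDO $pdo, array $post, string $usuario): void
{
    $row = ['usuario' => $usuario, 'pic' => 'nopic.png'];
    foreach (FIELD_MAP as $column => $field) {
        // Accept only scalar strings; arrays (empname[]=x) become ''.
        $row[$column] = is_string($post[$field] ?? null) ? $post[$field] : '';
    }
    $columns = implode(',', array_map(fn($c) => "`$c`", array_keys($row)));
    $marks   = implode(',', array_map(fn($c) => ":$c", array_keys($row)));
    $stmt = $pdo->prepare("INSERT INTO `empresas` ($columns) VALUES ($marks)");
    $stmt->execute($row); // values travel as bound parameters, not SQL text
}

// Constructed form input; the apostrophe would break the string-built query.
$post = [
    'empname' => "D'Angelo S.A.", 'empdesc' => 'que lio', 'empdir' => 'sadsad',
    'empais' => 'dsadsa', 'emptel' => '', 'empfax' => '', 'empemail' => '',
    'empurl' => '',
];
insertEmpresa($pdo, $post, 'lucent');

$stored = $pdo->query('SELECT `name`, `desc` FROM `empresas`')
              ->fetch(PDO::FETCH_ASSOC);
var_dump($stored['name'] === $post['empname'], $stored['desc'] === 'que lio');
```

On MySQL, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver bind values server-side instead of escaping them client-side.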

You can't use "desc" as a column name since it's already in MySQL's use.

Your column name 'desc' is a MySQL reserved word. Check this: MySQL Reserved Words

Put backticks around the desc column as follows:

$success = "INSERT INTO empresas(usuario,name,`desc`,dir,pais,tel,fax,email,url,pic) VALUES ('$usuario','$name','$desc','$dir','$pais','$tel','$fax','$email','$url','$pic')";

Or maybe just use another column name.

Licensed under: CC-BY-SA with attribution