0

I have this sql string:

$sql = "INSERT INTO foto (id, nome, check)
            VALUES ('', '" . md5($file) . '.' .$Type. "', '" . md5($file2) . '.' .$Type2. "')";

but it returns this error:

INSERT INTO foto (nome, check) VALUES ('57f030f902b9fbd6907d1af52ec2a1ba.jpg', '8c96b1254a72dbd080a9b79a9a224865.jpg')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check) VALUES ('57f030f902b9fbd6907d1af52ec2a1ba.jpg', '8c96b1254a72dbd080a9' at line 1

'

md5($file) + $Type = 57f030f902b9fbd6907d1af52ec2a1ba.jpg
md5($file2) + $Type2 = 8c96b1254a72dbd080a9b79a9a224865.jpg

What's the problem? How can I solve it?

Improve this question
1
  • You really should be using SQL placeholders like ? or :nome for this, because the way you're composing this query string seems completely reckless. Are any of those values even properly escaped? Commented Nov 7, 2014 at 18:23

1 Answer 1

Reset to default
3

check is a MySQL reserved word

which requires it to be wrapped in backticks, or rename it to checks for example in your table.

$sql = "INSERT INTO foto (id, nome, `check`)

if you want to rename it, then just do

$sql = "INSERT INTO foto (id, nome, checks)

which won't throw an error; the option is yours.

Notice where the error starts and points to:

>...MySQL server version for the right syntax to use near 'check
                                                          ^ starts there

Plus, once you've fixed that, your code would still be open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you. "check" was the problem. I know that is an unsafe query but it is inside a secure and private area of the website in which only one person can enter. I will, however, once finished the entire code, make sure this area too. Thank you very much.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.