current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote -3 down vote favorite

When I run a database query in a form I made I get the following error.

Database query failed 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'release = "2013-05-27 19:33:29",platform = "PC",description = "Physics Puzzle Ga' at line 1 Query: UPDATE games SET title = "Osmos",genre = "Indie",release = "2013-05-27 19:33:29",platform = "PC",description = "Physics Puzzle Game",rating = "7",cost = "9.99" WHERE id=1

My code is posted below, I can't figure out where the error in the syntax is. Any help would be greatly appreciated. Thanks!

    if ($id>0) {
    $query = 'UPDATE games SET ';
    $where = ' WHERE id='.prepareInsert($id);
} else {
    $query = 'INSERT INTO games SET ';
    $where = '';
}


$query .= 'title = "'.prepareInsert($_REQUEST["title"]).'"';
$query .= ',genre = "'.prepareInsert($_REQUEST["genre"]).'"';
$query .= ',release = "'.prepareInsert($_REQUEST["release"]).'"';
$query .= ',platform = "'.prepareInsert($_REQUEST["platform"]).'"';
$query .= ',description = "'.prepareInsert($_REQUEST["description"]).'"';
$query .= ',rating = "'.prepareInsert($_REQUEST["rating"]).'"';
$query .= ',cost = "'.prepareInsert($_REQUEST["cost"]).'"';

$query .= $where;

// do the query
$result = mysql_query($query)
        or      die("<p>Database query failed<br>" . mysql_errno() . ": " . mysql_error()."<br>Query: ".$query);
share|improve this question
    
possible duplicate of Syntax error due to using a reserved word as a table or column name in MySQL –  Ian Ringrose May 6 at 10:14

3 Answers 3

up vote 3 down vote accepted

Please do escape the column name release since it is a reserved keyword. If you have the privilege to change the structure of the table, please do change it.

Here are the MySQL Reserved Keywords List

You need to escape it using backticks,

$query .= ',`release` = "'.prepareInsert($_REQUEST["release"]).'"';
share|improve this answer
up vote 3 down vote

'release' is a reserved word in MySQL. You either need to enclose that field with backticks, or rename the column to something else.

share|improve this answer
up vote 0 down vote

You need to escape reserved words in MySQL like release with backticks

$query .= ',`release` = "'.prepareInsert($_REQUEST["release"]).'"';
            ^-------^--------here
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.