I have an error when inserting into the database.
Code:
dbquery("INSERT INTO site_news_comments (articleid,title,short,comment,timestamp,userid,main,type,topstory) VALUES ($article,'".clean($commentss['title'])."','','".mysql_real_escape_string($_POST['comment'])."',current_timestamp,'".USER_ID."','0','".$commentss['type']."','')");
Ignore the dbquery; it works exactly as mysql_query.
The error I am receiving is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''title','short','
No idea why this error is being thrown!
Teaching a man how to fish.
If a query fails, the first thing you should do is to echo the query you’re about to send:
It’s usually pretty obvious what’s wrong with the final query; pay particular attention to the dynamic stuff in your query and, generally, to the area that MySQL complains about.
If that still looks okay, then you look for words that might need escaping, such as the reserved words.
Conclusion
Having looked at the code mysql, I would have to conclude that the problem lies with $article and it causes problems in your query. You should probably escape it as well, just in case 🙂
Recommendation
You should learn about PDO / mysqli and using prepared statements:
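
Added example, not part of the original answer: the question's insert rewritten as a PDO prepared statement, next to the string-built form echoed for inspection. It assumes an in-memory SQLite database in place of the MySQL server, a table layout inferred from the question's column list, constructed sample values, and a hypothetical helper named insertComment.

```php
<?php
// In-memory SQLite stands in for the MySQL server (assumption) so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE site_news_comments (
    articleid INTEGER NOT NULL, title TEXT, short TEXT, comment TEXT,
    timestamp TEXT, userid INTEGER, main TEXT, type TEXT, topstory TEXT)');

// Constructed sample input: $article is empty, as the answer suspects.
$article   = '';
$commentss = ['title' => "Reader's view", 'type' => 'news'];
$comment   = "It's a comment with 'quotes'";
$userId    = 7; // stands in for USER_ID

// 1) String-built query: echo it to see exactly what the server would receive.
$built = "INSERT INTO site_news_comments (articleid,title) VALUES ($article,'"
       . $commentss['title'] . "')";
echo $built, PHP_EOL; // look at the empty articleid slot and the raw quote in the title

// 2) Prepared statement: the SQL text is fixed, values travel separately.
// insertComment is a hypothetical helper written for this example.
function insertComment(PDO $pdo, $article, array $c, string $comment, int $userId): int
{
    // Reject a missing or non-numeric article id before it reaches the database.
    $articleId = filter_var($article, FILTER_VALIDATE_INT);
    if ($articleId === false) {
        throw new InvalidArgumentException('article id must be an integer');
    }
    $stmt = $pdo->prepare(
        "INSERT INTO site_news_comments
           (articleid, title, short, comment, timestamp, userid, main, type, topstory)
         VALUES (:article, :title, '', :comment, CURRENT_TIMESTAMP, :userid, '0', :type, '')"
    );
    $stmt->execute([
        ':article' => $articleId, ':title' => $c['title'], ':comment' => $comment,
        ':userid'  => $userId,    ':type'  => $c['type'],
    ]);
    return (int) $pdo->lastInsertId();
}

try {
    insertComment($pdo, $article, $commentss, $comment, $userId); // empty id is refused
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
// A valid id inserts cleanly; quotes in title and comment need no manual escaping.
echo 'row id: ', insertComment($pdo, '42', $commentss, $comment, $userId), PHP_EOL;
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the prepared statement and the bound parameters stay the same.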