I’m getting a MySQL syntax error (1064) using this query. I’ve been scouring the dozens of mysql syntax questions on SO, googling like mad, and staring at this SQL statement to no avail. Before executing the statement, I am using mysqli’s real_escape_string(). I have tried (in my desperation) removing all newlines from the query, but this doesn’t help. What’s causing the error?
INSERT INTO `file_upload`.`files` (
`id`,
`name`,
`user_id`
)
VALUES (
NULL,
'filename.txt',
1
)
The error that I’m getting has the message:
…check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’filename.txt\’,1)’ at line 1
EDIT
Here is the PHP code. Connection is a mysqli object.
public function add_file_to_user($file, $user_id) {
$query = "INSERT INTO `file_upload`.`files` (`id`,`name`,`user_id`) VALUES (NULL,'$file->name',$user_id)";
$res = $this->query($query);
die($this->connection->errno . $this->connection->error);
}
private function query($str) {
$str = $this->connection->real_escape_string($str);
return $this->connection->query($str);
}
There you go:
You’re escaping your whole query; you just need escape the variables that you’re passing in to it.
(Though I’ve not tested it to see if it works)