insert into database error


#1

This is a snippet of code from a program I obtained. I will not insert a new record and an error message is posted. Any help is greatly appreciated.

Add the recipe to the database

if ($result = mysql_query("INSERT INTO recipes (name,servings,ingredients,instructions,description,category,added,creator,imagefile) " .
                          "VALUES(\"$r_name\", $r_servings, \"$ing_list\", \"$r_instructions\", \"$r_description\", $r_category, NOW(), " . $session{'userid'} . ", \"$ifilename\")")) 

{
# Move the image file into place, if we need to
if ($_FILES[‘r_image’][‘size’] > 0) move_uploaded_file($_FILES[‘r_image’][‘tmp_name’], “…/images/recipes/$ifilename”);

  paintform("<P CLASS=\"content\"><FONT CLASS=\"content-subheader\">Recipe Added:</FONT><BR>\n$r_name</P>\n",
            "", 0, 0, array(), "", "");
  c_footer();
  exit();
} else {
  dberror("addrecipe.php", "Cannot insert new recipe");
}

}


#2

The issue is, it is using deprecated and removed code. mysql_* functions are the issue.

Update it to PDO


#3

Without writing the entire program, is there a fix for the mysql_query?

Thanx


#4

Depends, what is the exact error message that is being given?


#5

I do not think anyone will help you with ,mysql, - every single person on this forum will advise you on using PDO.
See here if it helps: https://phpdelusions.net/pdo


#6

The error is: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ’ “”)’ at line 1

Thanx


#7

[php] if ($result = mysql_query(“INSERT INTO recipes (name,servings,ingredients,instructions,description,category,added,creator,imagefile) " .
“VALUES(”$r_name”, $r_servings, “$ing_list”, “$r_instructions”, “$r_description”, $r_category, NOW(), " . $session{‘userid’} . “, “$ifilename”)”)) [/php]

Change to,
[php]$sql = “INSERT INTO recipes (name,servings,ingredients,instructions,description,category,added,creator,imagefile) " .
“VALUES(”$r_name”, $r_servings, “$ing_list”, “$r_instructions”, “$r_description”, $r_category, NOW(), " . $session{‘userid’} . “, “$ifilename”)”;

echo $sql;

if ($result = mysql_query($sql)) [/php]

That will print out what you are passing. Either something is not escaped properly or you are missing spaces, or something simple like that.