insert into database error


This is a snippet of code from a program I obtained. I will not insert a new record and an error message is posted. Any help is greatly appreciated.

Add the recipe to the database

if ($result = mysql_query("INSERT INTO recipes (name,servings,ingredients,instructions,description,category,added,creator,imagefile) " .
                          "VALUES(\"$r_name\", $r_servings, \"$ing_list\", \"$r_instructions\", \"$r_description\", $r_category, NOW(), " . $session{'userid'} . ", \"$ifilename\")")) 

# Move the image file into place, if we need to
if ($_FILES[‘r_image’][‘size’] > 0) move_uploaded_file($_FILES[‘r_image’][‘tmp_name’], “…/images/recipes/$ifilename”);

  paintform("<P CLASS=\"content\"><FONT CLASS=\"content-subheader\">Recipe Added:</FONT><BR>\n$r_name</P>\n",
            "", 0, 0, array(), "", "");
} else {
  dberror("addrecipe.php", "Cannot insert new recipe");



The issue is, it is using deprecated and removed code. mysql_* functions are the issue.

Update it to PDO


Without writing the entire program, is there a fix for the mysql_query?



Depends, what is the exact error message that is being given?


I do not think anyone will help you with ,mysql, - every single person on this forum will advise you on using PDO.
See here if it helps:


The error is: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ’ “”)’ at line 1



[php] if ($result = mysql_query(“INSERT INTO recipes (name,servings,ingredients,instructions,description,category,added,creator,imagefile) " .
“VALUES(”$r_name”, $r_servings, “$ing_list”, “$r_instructions”, “$r_description”, $r_category, NOW(), " . $session{‘userid’} . “, “$ifilename”)”)) [/php]

Change to,
[php]$sql = “INSERT INTO recipes (name,servings,ingredients,instructions,description,category,added,creator,imagefile) " .
“VALUES(”$r_name”, $r_servings, “$ing_list”, “$r_instructions”, “$r_description”, $r_category, NOW(), " . $session{‘userid’} . “, “$ifilename”)”;

echo $sql;

if ($result = mysql_query($sql)) [/php]

That will print out what you are passing. Either something is not escaped properly or you are missing spaces, or something simple like that.