Topic: db query

Hi everyone, I've got a problem with a mysql query..
I try to script a little video gallery for my punbb forum, but I'm too bad.

$name = pun_trim($_POST['name']);
        $url = pun_linebreaks(addslashes($_POST['url']));
        $desc = pun_linebreaks(addslashes($_POST['description']));
                $poster = $pun_user['id'];
        $cat = pun_trim($_POST['cat']);
                $now = time();            
        
        //insert the video in the database
        $db->query('INSERT INTO '.$db->prefix.'videos (name, url, desc, poster, cat, date) VALUES("'.$name.'", "'.$url.'", "'.$desc.'", "'.$poster.'", "'.$cat.'", "'.$now.'")') or error('Datenbankfehler: Konnte Video nicht einfügen', __FILE__, __LINE__, $db->error());

I get the DB Error, caused by $desc but I don't see any errors there. When I remove the description, the query works.

Any ideas? hmm

YY Order!!!

2

Re: db query

And the error is? Btw, you should be using intval() and $db_escape() on those values.

Re: db query

I get the error that is defined at

or error('Datenbankfehler: Konnte Video nicht einfügen'

The mySQL table for "desc" is text, latin_swedich_ci

I have another script with a desc table, same code and it works there.

YY Order!!!

4

Re: db query

The error from your SQL logs.

Re: db query

Enable debug mode and pun_show_queries, then paste the full error message.

6 (edited by Challe 2008-03-26 14:44)

Re: db query

File: /home/www/web362/html/newvideo.php
Line: 48

PunBB reported: Datenbankfehler: Konnte Video nicht einfügen

Database reported: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, poster, cat, date) VALUES("Test", "<object>", "", "2", "2", "1206542413")' at line 1 (Errno: 1064)

Failed query: INSERT INTO foo_videos (name, url, desc, poster, cat, date) VALUES("Test", "<object>", "", "2", "2", "1206542413")


Edit... it seems the $_POST desc is empty

Edit2 No matter if empty or not...

YY Order!!!

Re: db query

Desc is a reserved keyword. Either escape it with backticks (`), or rename the column.

Re: db query

It works, thanks. smile

(desc because of descending?)

YY Order!!!

Re: db query

Yes.