We Keep Coding

Error in PHP MySQL

I am trying to do a simple INSERT, but I keep on getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM,TO,ID,CURRENCY1,CURRENCY2,AMOUNT,NOTE,RATE) VALUES('test', 'test2', 'dd', '' at line 2
Here is my code:
mysql_query("INSERT INTO WIRET
(FROM,TO,ID,CURRENCY1,CURRENCY2,AMOUNT,NOTE,RATE) VALUES('$from', '$to', '$ID', '$currency1', '$currency2', '$amount','$note', '$rate') ")
or die(mysql_error());
Why am I getting this error? I copied this script from another area of my site where it works, I just changed the values.

FROM is a reserved word in MySQL (and SQL in general). If you really have a column named FROM you should wrap it with ` (backticks) so the parser knows you mean a name:
INSERT INTO WIRET (`FROM`, TO, ID, CURRENCY1, ...

If your column is named from you have to put it into "`" (backticks) because FROM is also a SQL keyword.
By putting a keyword (FROMhere) into backticks you say "this is not a SQL keyword" to the DBMS.
Example:
INSERT INTO WIRET (`FROM`,TO,ID,...

mysqli query error, not sure what's wrong

I have a query here and not sure why the insert is failing... Here is the query and the error
INSERT INTO `tokyoStats` (stockName, open, high, low, close, change, stockFrom, stockParent, timestamp) VALUES ('topix', '1190.55', '1192.35', '1181.56', '1181.64', '-3.64', 'japan','topix','2013-09-18T01:00:05+09:00')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'change, stockFrom, stockParent, timestamp) VALUES ('topix', '1190.55', '1192.35'' at line 1
I'm not sure why this is wrong. I have other queries before this one that work perfectly fine.

change is reserved word for mysql enclose it with backticks (`) and avoid this by changing column names, see this link for reference: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
INSERT INTO `tokyoStats` (`stockName`, `open`, `high`, `low`, `close`, `change`, `stockFrom`, `stockParent`, `timestamp`)
VALUES
('topix', '1190.55', '1192.35', '1181.56', '1181.64', '-3.64', 'japan','topix','2013-09-18T01:00:05+09:00')

Php mysqli->real_escape_string and MYSQL

I've a little question.
I've written this code to add the values to mysql database but when i run the code and I got an error. Can anybody help me?
the code:
$fel = $mysqli->query("INSERT INTO deleted (uid,buy_type,prop_type,district,street,room_min,room_max,price_min,price_max,condition_type,heat_type,lift_type,parking_type,type_of_del,when)
VALUES ('".$mysqli->real_escape_string($letomb['uid'])."',
'".$mysqli->real_escape_string($letomb['buy_type'])."',
'".$mysqli->real_escape_string($letomb['prop_type'])."',
'".$mysqli->real_escape_string($letomb['district'])."',
'".$mysqli->real_escape_string($letomb['street'])."',
'".$mysqli->real_escape_string($letomb['room_min'])."',
'".$mysqli->real_escape_string($letomb['room_max'])."',
'".$mysqli->real_escape_string($letomb['price_min'])."',
'".$mysqli->real_escape_string($letomb['price_max'])."',
'".$mysqli->real_escape_string($letomb['condition_type'])."',
'".$mysqli->real_escape_string($letomb['heat_type'])."',
'".$mysqli->real_escape_string($letomb['lift_type'])."',
'".$mysqli->real_escape_string($letomb['parking_type']).",
'".$mysqli->real_escape_string($type_of_del)."',
now())") or die($mysqli->error);
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'when) VALUES ('3', 'kiado', 'lakas', '1'' at line 1

WHEN is a reserved word. Enclosing it in backticks should fix your problem, as it will then be treated as an identifier.
`when`

You should use backticks around your column names. when is a MySQL keyword so it's being interpreted incorrectly. At the very least use backticks around when.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server

mysql_query("
INSERT INTO trades (id, cpair, oprice, cprice, bos, ooc, dateandtime)
VALUES (null, $currency, $openingprice, $closingprice, $buysell,
$openorclosed, $datetime"
);
What's wrong with this code that is making is error like this?
Error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ' , 1, 1, 2012-10-12 13:57:08' at line 1

You cannot insert a NULL for the id, this is probably a required field.
If it is auto-incrementing, just ignore it and it will automatically fill itself in.

Any strings need to be quoted in the MySQL command string, and you might need to invoke functions for converting the datetime from a string.

Wow! For one, you're not treating strings like strings. You're just echoing out anything into that query. Bad idea, and as you can see, not going to work.
you need to add single quotes around each var that is a string in your VALUES() statement at least.
mysql_query("
INSERT INTO trades (id, cpair, oprice, cprice, bos, ooc, dateandtime)
VALUES (null, $currency, $openingprice, $closingprice, $buysell,
$openorclosed, '$datetime'"
);
Next step is to switch to PDO and sanitize your input.

Error with MySql query [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
I am having problems with this MySql query:
INSERT INTO groups (NAME, DESC, TIME, OWNER) VALUES ('$GNAME', '$DESC', '$TIME', '$UID')
Essentially, the script adds the Group Name, Decription, Time and the Username of the person who registered the Group, into the mysql database.
Full script:
<?php
include_once('include/session.php');
$GNAME = $_POST['groupname'];
$DESC = $_POST['desc'];
$SPAM = $_POST['spam'];
$UID = $_POST['UID'];
$TIME = date('Y-m-d H:i:s');
if($SPAM == "queuee"){
$query ="INSERT INTO groups (NAME, DESC, TIME, OWNER) VALUES ('$GNAME','$DESC','$TIME', '$UID')";
$result = mysql_query($query) or die("There as been an Error! <hr>Error:<hr>".mysql_error() ."<br><hr>Go Back");
header("Location: ../group.php?id=$GNAME");
}else{
?>
The Security Question was wrong. Try Again.
<?
}
?>
I ran the Query directly into MySql itself using Phpmyadmin. However it still threw an error.
The error is:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DESC, TIME, OWNER) VALUES ('$GNAME', '$DESC', '$TIME', '$UID')' at line 1
Any help at all is much appreciated and perhaps I am being a complete fool and not noticing an obvious mistake. If you need any more information just ask!
Many Thanks.

"DESC" is a keyword. Put it in backquotes.
..., `DESC`, ...

DESC is a reserved keyword. If you must use it for a column name, wrap it in backticks:
`DESC`

Try:
INSERT INTO groups (`NAME`, `DESC`, `TIME`, `OWNER`) VALUES ('$GNAME','$DESC','$TIME', '$UID')";
You're using reserved words as column names - PHP gets terribly confused in that case.
I should also add that your code is open to SQL injection, and you should look at moving away from using the mysql_* functions.
The quickstart guide for mysqli is at http://www.php.net/manual/en/mysqli.quickstart.php
PDO is another option; the information on prepared statements is at http://www.php.net/manual/en/pdo.prepared-statements.php

DESC is SQL keyword, use `` to escape column names:
$query ="INSERT INTO `groups` (`NAME`, `DESC`, `TIME`, `OWNER`) VALUES ('$GNAME','$DESC','$TIME', '$UID')";

According to MySQL Reserved Words, the word `DESC can't be used as a field name, unless you enclose it with backticks.

Put single (or double maybe) quotes around DESC in the "INSERT INTO groups" part. DESC is a reserved word and must be quoted.

use
$DESCRIPTION = $_POST['desc'];
inseted of
$DESC = $_POST['desc'];
$DESCRIPTION variable use in you query
$query ="INSERT INTO groups (NAME, DESC, TIME, OWNER) VALUES ('$GNAME','$DESCRIPTION','$TIME', '$UID')";