Error3: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sprint spikes'', ''Nike'', '' at line 2
For the following code:
Code: Select all
function post($type, $brand, $gender, $size, $hand, $isNew, $price, $desc, $imgname, $name, $userid, $phone)
{
$con=connect();
if (!$con)
die('Could not connect: ' . mysql_error());
// Check connection
$type = check_input ($type);
$brand = check_input ($brand);
$gender = check_input ($gender);
$size = check_input ($size);
$hand = check_input ($hand);
$price = check_input ($price);
$desc = check_input ($desc);
$imgname = check_input ($name);
$userid = check_input ($usid);
$name = check_input ($name);
$phone = check_input ($phone);
$date = date("Y/m/d");
$sql="INSERT INTO spikes (type, brand, gender, size, hand, new, price, description, imgname, date, name, userid, phone)
VALUES('$type', '$brand', '$gender',
'$size', '$hand', '$isNew',
'$price', '$desc', '$imgname',
'$date', '$name', '$userid',
'$phone')";
if (!mysql_query($sql,$con)){
die('Error3: ' . mysql_error($con));
}
mysql_close($con);
}
Code: Select all
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
$value = stripslashes($value);
// Quote if not a number
if (!is_numeric($value))
$value = "'" . mysql_real_escape_string($value) . "'";
return $value;
}
I really don't understand what I'm doing wrong..