[RESOLVED] MySQL Syntax Error

xxdalexx

I need another set of eyes on this, cant figure it out.

MySQL Query

INSERT INTO listing (title, guests, children, hunters, county, zip, closestcity, milestocity, acres, pgame, leaselength, price, desc, ogame, weapons, feat) VALUES ('title', 'yes', 'yes', '5', 'county', 'zip', 'city', 'miles', 'acres', 'Alligator', 'annual', '1200', 'desc', 'Dove%Hog%Sandhill Crane', 'Archery%Muzzleloaders', 'Electricity%Plowed Fields')

The Error

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, ogame, weapons, feat) VALUES ('title', 'yes', 'yes', '5', 'county', 'zip',' at line 1

How The Query Is Formed

$sql = "INSERT INTO listing (" . $names . ") VALUES (" . $values . ")";

The names and values vars get their info from a number of different user functions, and running a loop on the $_POST array by saying:

$names = $first_var; //for the first, then
$names .= ", " . $rest_of_vars; //for the rest

$values .= ", ". "'" . $valueaddon . "'"; // to add single quotes around the value variables

I should probably quit working for the night, but I'd like to leave it so I pick up on something new tomorrow, and I don't have to reread through all of my code again to figure out where I was. Thanks in advance and let me know if any more info is required.

Almost forgot, everything is escaped like so:

foreach(array_keys($_POST) as $key)
{
  $clean[$key] = mysql_real_escape_string($_POST[$key]);
}

There's a lot more in that loop, but that's it for the escaping part.

dagon

desc is a reserved word in mysql

xxdalexx

I feel kind of like an idiot now, I knew from the error it had to have been something stupid I overlooked, but 2 and 2 never connected in my head. Thank You.