PHP and mysql syntax error

advertisements

This question already has an answer here:

  • SQL syntax error in mysql 4 answers

My register.php wont query the simplest of queries:

<?php
session_start();

/* Connect and Query database "accounts", then close connection */
$connection=mysql_connect("localhost","root","");
if (!$connection)
{
    die('Cannot connect to MySQL. Error: ' . mysql_error());
}

$check_database = mysql_select_db("accounts", $connection);
if (!$check_database)
{
    die('Cannot connect to database. Error: ' . mysql_error());
}

/* Query database to save user's post */
/* If field "repostid=0", then the post is not a repost; if the field "repostid>0", then the post is a repost with the field linking to the id of the post to be reposted */
$result = mysql_query("INSERT INTO posts2 (from) VALUES ('h1')");
if (!$result)
{
    die('Cannot query. Error: ' . mysql_error());
}

/* Close Connection */
mysql_close($connection);

/* Redirect to user's page */
header("Location: /website/index.php", 404);
exit();

?>

Here is the echo'd error message:

Cannot query. Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from) VALUES ('h1')' at line 1

It gets called from a form on post.php:

    <form name="postForm" action="userpost.php" method="post" enctype="multipart/form-data" onsubmit="validatePostForm()">
        <div id="posttext"><p>Enter the text you wish to post, then press "Post":</p></div>
        <div id="posttextarea"><textarea rows="10" cols="80" name="postinfo" onkeydown="characterTyping('postbuttoncharactersleft')"></textarea></div>
        <div id="postbutton"><input type="submit" value="Post"/></div><p id="postbuttoncharactersleft">250</p><p id="postbuttoncharacterslefttext"> characters left.</p>
    </form>

Here is the database table so you can confirm that it is the correct syntax for the query to this table:


You need to escape reserved words in MySQL like from with backticks

INSERT INTO posts2 (`from`) VALUES ('h1')