
SQL Query Error


aquatsr


I'm having a little trouble getting my SQL query to go through. I'm not sure if it's a problem with the data I'm sending through or the syntax itself. Here is the query itself written in PHP:

$query = "INSERT INTO `movies` (`movie_id`, `title`, `director`, `genre`, `released`, `length`, `language`, `quote`, `description`, `rating`, `property_of`, `date_added`, `available`, `last_borrowed`) VALUES ('', '$movie_title[$j]', '$movie_director[$j]', '$movie_genre[$j]', '$movie_year[$j]', '$movie_length[$j]', '$movie_language[$j]', '$movie_quote[$j]', '$movie_description[$j]', '$movie_rating[$j]', '$property_of', NOW(), '$movie_status[$j]', '')";
$result = mysql_query($query);

Here is the data I entered into the form:

Ocean's Thirteen
Steven Soderbergh
Thriller, Crime, Comedy
2007
122
English
You shook Sinatra's hand. You should know better.
Danny Ocean again runs the game, so no rough stuff. No one gets hurt. Except for double-crossing Vegas kingpin Willy Bank (Al Pacino). Ocean's crew will hit him where it hurts: in his wallet. On opening night of Bank's posh new casino tower The Bank, every turn of a card and roll of the dice will come up a winner for bettors. And they'll hit him in his pride, making sure the tower doesn't receive a coveted Five Diamond Award. That's just the start of the flimflams. The boys are out to break The Bank. Place your bets!
5
Yes // Note that I've coded it such that this turns into a 1 or 0
My Name

and here is the error I get from mysql_error():

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Thirteen', 'Steven Soderbergh', 'Thriller, Crime, Comedy', '2007', '122', 'Eng' at line 1

My field types are:

Field          Type          Collation          Null  Default            Extra
movie_id       int(11)                          No                       auto_increment
title          varchar(150)  latin1_swedish_ci  No
director       varchar(150)  latin1_swedish_ci  No
genre          varchar(150)  latin1_swedish_ci  No
released       int(11)                          No
length         int(11)                          No
language       varchar(150)  latin1_swedish_ci  No
quote          text          latin1_swedish_ci  No
description    text          latin1_swedish_ci  No
rating         int(11)                          No
property_of    text          latin1_swedish_ci  No
date_added     timestamp                        No    CURRENT_TIMESTAMP
available      tinyint(1)                       No    1
last_borrowed  datetime                         Yes   NULL

Any help on the nature of this error would be greatly appreciated.


The ' in the string (in "Ocean's Thirteen") is making the query fail; you need to mysql_real_escape_string() all your strings before inserting them:

$query = "INSERT INTO `movies` (`movie_id`, `title`, `director`, `genre`, `released`, `length`, `language`, `quote`, `description`, `rating`, `property_of`, `date_added`, `available`, `last_borrowed`) VALUES ('', '" . mysql_real_escape_string($movie_title[$j]) . "', '" . mysql_real_escape_string($movie_director[$j]) . "', '" . mysql_real_escape_string($movie_genre[$j]) . "', '" . mysql_real_escape_string($movie_year[$j]) . "', '" . mysql_real_escape_string($movie_length[$j]) . "', '" . mysql_real_escape_string($movie_language[$j]) . "', '" . mysql_real_escape_string($movie_quote[$j]) . "', '" . mysql_real_escape_string($movie_description[$j]) . "', '" . mysql_real_escape_string($movie_rating[$j]) . "', '" . mysql_real_escape_string($property_of) . "', NOW(), '" . mysql_real_escape_string($movie_status[$j]) . "', '')";

Tedious, but that's the price of security...


Archived

This topic is now archived and is closed to further replies.
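
An alternative to escaping each value by hand, as an added example that is not part of the original thread: a parameterized insert with PDO, shown beside the interpolated form that failed. It assumes the PDO SQLite driver is available (an in-memory database stands in for MySQL so the script runs offline) and uses a cut-down, constructed version of the `movies` table.

```php
<?php
// Added example. SQLite in-memory stands in for the thread's MySQL server;
// the table below is a constructed subset of the `movies` columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE movies (
    movie_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    title      TEXT NOT NULL,
    released   INTEGER NOT NULL,
    quote      TEXT NOT NULL,
    available  INTEGER NOT NULL DEFAULT 1,
    date_added TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)');

// Constructed form input, using values from the question.
$movie = [
    'title'    => "Ocean's Thirteen",
    'released' => '2007',
    'quote'    => "You shook Sinatra's hand. You should know better.",
    'status'   => 'Yes',
];

// 1) The question's pattern: values interpolated into the SQL text.
//    The apostrophe closes the string literal early, so parsing fails.
try {
    $pdo->exec("INSERT INTO movies (title, released, quote, available)
                VALUES ('{$movie['title']}', '{$movie['released']}',
                        '{$movie['quote']}', 1)");
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 2) Parameterized: the SQL text is fixed and the values are bound
//    separately, so quotes in the data are never parsed as SQL.
$stmt = $pdo->prepare('INSERT INTO movies (title, released, quote, available)
                       VALUES (:title, :released, :quote, :available)');
$stmt->bindValue(':title', $movie['title'], PDO::PARAM_STR);
$stmt->bindValue(':released', (int) $movie['released'], PDO::PARAM_INT);
$stmt->bindValue(':quote', $movie['quote'], PDO::PARAM_STR);
$stmt->bindValue(':available', $movie['status'] === 'Yes' ? 1 : 0, PDO::PARAM_INT);
$stmt->execute();

// The stored row holds the apostrophes verbatim, with no escaping artifacts.
$row = $pdo->query('SELECT title, released, quote, available FROM movies')
           ->fetch(PDO::FETCH_ASSOC);
var_export($row);
echo "\n";
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the `prepare`/`bindValue`/`execute` calls stay the same.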
