error in my SQL syntax


maxat
07-14-06, 06:01 PM
Hi,
I have a problem with updating my form. This is part of it.

<td >Product Name</td>
<td > <input name="txtName" type="text" class="box" id="txtName" value="<?php echo ($row["pd_name"]) ?>" size="50" maxlength="100"></td>
</tr>
<tr>
<td >Description</td>
<td> <textarea name="Descrip" cols="70" rows="10" class="box" ><?php echo ($row["desc"]) ?></textarea></td>
</tr>
<tr>
<td >Price RM</td>
<td ><input name="txtPrice" type="text" class="box" id="txtPrice" value="<?php echo ($row["price"]) ?>" size="10" maxlength="10" /></td>
</tr>
<tr>
<td >Qty In Stock</td>
<td ><input name="txtQty" type="text" class="box" id="txtQty" value="<?php echo ($row["qty"]) ?>" size="10" maxlength="10"> </td>
</tr>


And this is my SQL:


$catId = $_POST['category'];
$name = $_POST['txtName'];
$desc = $_POST['Descrip'];
$price = str_replace(',', '', (double)$_POST['txtPrice']);
$qty = $_POST['txtQty'];
$sql = mysql_query("UPDATE product SET pd_name = '".$name."', price = '".$price."', qty = '".$qty."', cat_id = '".$catId."', desc = '".$desc."'
WHERE id = '".$_POST['submit']."' ")or die(mysql_error());


The problem is that if I don't include the description, desc = '".$desc."', everything works fine, but when I include it I'm getting the following error:


You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc = 'this is description' WHERE id = '22'' at line 1


Can you tell me what I missed in my SQL statement? Because I can't get it. Thanks in advance.

Christian
07-14-06, 06:09 PM
Moved to Database.

I think the problem is that the word, desc, is a reserved word in SQL. You need to escape it with backtick (`) characters.

$catId = $_POST['category'];
$name = $_POST['txtName'];
$desc = $_POST['Descrip'];
$price = str_replace(',', '', (double)$_POST['txtPrice']);
$qty = $_POST['txtQty'];
$sql = mysql_query("UPDATE product SET pd_name = '".$name."', price = '".$price."', qty = '".$qty."', cat_id = '".$catId."', `desc` = '".$desc."'
WHERE id = '".$_POST['submit']."' ")or die(mysql_error());

maxat
07-14-06, 06:15 PM
Thanks for the reply. I've tried it, but got the same result.

Also, in this case it works too:

$sql = mysql_query(" INSERT INTO product
VALUES (NULL , '".$name."', '".$description."', '".$price."', '".$qty."', '".$image."' , '".$catId."')")or die(mysql_error());

I don't know why it doesn't work in the UPDATE query.

twoeyes
07-14-06, 07:58 PM
Since $desc is a variable, that's not the problem; by the time MySQL gets to it, the variable has been replaced by its contents by the PHP parser. Put this above your query:

$desc = mysql_real_escape_string($desc);

The reason is that you're probably trying to put in a $desc that includes quotes or some other problematic character.

maxat
07-15-06, 03:15 AM
Thanks for all your replies, it does work now.
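
The two fixes from this thread (backticks around the reserved column name `desc`, and a description that may contain quotes) combined in one PDO prepared statement, as an added example that is not code from any of the posters. It assumes PHP with the pdo_sqlite extension; the in-memory table, the sample row and the `$post` array are constructed so the script runs offline, and `updateProduct` is a hypothetical helper name.

```php
<?php
// Added example. Table and column names follow the posts above; the SQLite
// in-memory database stands in for MySQL (it also accepts backtick quoting).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, pd_name TEXT,
    `desc` TEXT, price REAL, qty INTEGER, cat_id INTEGER)');
$pdo->exec("INSERT INTO product VALUES (22, 'old name', 'old text', 1.0, 1, 1)");

// Constructed form input standing in for $_POST.
$post = [
    'submit'   => '22',
    'category' => '3',
    'txtName'  => 'Widget',
    'Descrip'  => 'It\'s the "large" model',   // quotes that broke the old query
    'txtPrice' => '1,250.50',
    'txtQty'   => '7',
];

function updateProduct(PDO $pdo, array $post): int
{
    // Numeric fields are validated instead of being quoted as strings.
    $id    = filter_var($post['submit'], FILTER_VALIDATE_INT);
    $catId = filter_var($post['category'], FILTER_VALIDATE_INT);
    $qty   = filter_var($post['txtQty'], FILTER_VALIDATE_INT);
    // Remove thousands separators first, then validate as a float.
    $price = filter_var(str_replace(',', '', $post['txtPrice']), FILTER_VALIDATE_FLOAT);
    if ($id === false || $catId === false || $qty === false || $price === false) {
        throw new InvalidArgumentException('id, category, qty and price must be numeric');
    }

    // `desc` is quoted as an identifier; every value is a bound parameter,
    // so quotes inside the description never become part of the SQL text.
    $stmt = $pdo->prepare('UPDATE product SET pd_name = :name, price = :price,
        qty = :qty, cat_id = :cat, `desc` = :descr WHERE id = :id');
    $stmt->execute([
        ':name' => $post['txtName'], ':price' => $price, ':qty' => $qty,
        ':cat'  => $catId, ':descr' => $post['Descrip'], ':id' => $id,
    ]);
    return $stmt->rowCount();
}

$changed = updateProduct($pdo, $post);
$row = $pdo->query('SELECT * FROM product WHERE id = 22')->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
var_export($row);
```

The `mysql_*` functions used in the posts were removed in PHP 7, so on current PHP a prepared statement through PDO or mysqli replaces both `mysql_query` and `mysql_real_escape_string`.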