Reply To: Drop Down Executes Query On Post?

[MBM]

$message = "Error Inserting!" . mysql_error();
header("Location: snickers.php?message=$message");

Gives :

Error Inserting!You Have An Error In Your Sql Syntax; Check The Manual That Corresponds To Your Mysql Server Version For The Right Syntax To Use Near \'1\' At Line 1

Line 1.

<?php

So I’m guessing it’s a syntax error somewhere else however the query does execute and writes data into the database.

I’ve removed all php leaving only this and the error still flags so it has to be in here somewhere.

<?php
session_start();
include ("connect.php");
require("checkLoginSession.php");
$message = isset( $_GET['message'] )? $_GET['message']: "";
//COLLECT POST data
$formValue=array();
foreach ($_POST as $key => $value) {
$formValue[$key] = strip_tags($value);
$usercomments = nl2br($_POST['usercomments']);
//Register post backs to repopulate form fields
$_SESSION['post_vars'][$key] = $value;
}//close for loop
if(isset($_POST['Submit'])){
//Check for empty fields 
if($formValue['subject']=="" || $formValue['usercomments']=="" || $formValue['rating']==""){

$message = "Please enter data in the form" ;
header("Location: films.php?message=$message");

}else{
//Carry on with routine
$Link = mysql_connect($Host, $User, $Password);
$user = $_SESSION['UserName'];
//Inserts the data entered in the form into the db table and records the date and time the comment is posted

$query = mysql_query("INSERT INTO films VALUES ('0', '".mysql_escape_string($user)."','".mysql_escape_string($formValue["subject"])."',NOW(),'".mysql_escape_string($usercomments)."','".mysql_escape_string($formValue["rating"])."','films')"); 

if(mysql_query ($query, $Link)){
$message = "Thank you for your comments";
header("Location: films.php?message=$message");
}else{
$message = "Error Inserting!" . mysql_error();
header("Location: films.php?message=$message");

BTW this is not the filter ratings script.