0

I am trying to insert information into a table, using the following query:

$sql2 = "INSERT into `djs` (`name`,`pic`,`about`) VALUES (".$row['dj_name'].",".$row['dj_picture'].",".$row['dj_intro'].")";

Whenever I have tried doing this, the following error has occurred, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use"

What is causing this error and how may it be resolved?

Christopher Orchard
  • To solve your immediate problem, quote the variables you're adding. But you should look at using bound variables in prepared statements to make writing this sort of statement easier and more secure. – andrewsi Jul 12 '13 at 17:04
  • +1 Prepared Statements – Will M Jul 12 '13 at 17:04

4 Answers

0

You are not putting quotes around the strings you are inserting:

$sql2 = "INSERT into `djs` (`name`,`pic`,`about`) VALUES
('".$row['dj_name']."','".$row['dj_picture']."','".$row['dj_intro']."')";

markdwhite
0

The values all need quoting (assuming they are all strings):

$sql2 = "INSERT into `djs` (`name`,`pic`,`about`) VALUES ('".$row['dj_name']."','".$row['dj_picture']."','".$row['dj_intro']."')";

Also, even if your data is coming from existing data in the database, you should still consider the possibility of Second Order SQL Injection. The most appropriate safeguard is to use a Prepared Statement instead of concatenating values into the query.

MrCode
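
The prepared statement recommended in the comments and in the answer above, shown next to the quoted concatenation, as an added example that is not part of any post on this page. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the sample rows and the function names insertConcatenated and insertPrepared are constructed for illustration.

```php
<?php
// Added example; not code from the question or the answers.
// Assumption: in-memory SQLite via PDO stands in for MySQL so this runs offline.
// For MySQL only the DSN changes: new PDO('mysql:host=...;dbname=...', $user, $pass)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE djs (name TEXT, pic TEXT, about TEXT)');

// Constructed sample rows shaped like $row in the question.
$rows = [
    ['dj_name' => 'DJ Plain',   'dj_picture' => 'plain.png',  'dj_intro' => 'Plays house.'],
    ['dj_name' => "DJ O'Brien", 'dj_picture' => 'obrien.png', 'dj_intro' => "It's all vinyl."],
];

// Quoted concatenation, as in the answers: each value becomes part of the SQL text,
// so an apostrophe inside a value ends the string literal early.
function insertConcatenated(PDO $pdo, array $row): string
{
    $sql = "INSERT INTO djs (name, pic, about) VALUES ('" . $row['dj_name'] . "','"
         . $row['dj_picture'] . "','" . $row['dj_intro'] . "')";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error';
    }
}

// Prepared statement: the SQL text is fixed and the values are bound separately,
// so their content is never parsed as SQL.
function insertPrepared(PDO $pdo, array $row): string
{
    $stmt = $pdo->prepare('INSERT INTO djs (name, pic, about) VALUES (?, ?, ?)');
    $stmt->execute([$row['dj_name'], $row['dj_picture'], $row['dj_intro']]);
    return 'ok';
}

foreach ($rows as $row) {
    printf("%-12s concatenated: %-6s prepared: %s\n",
        $row['dj_name'], insertConcatenated($pdo, $row), insertPrepared($pdo, $row));
}

// Count how many copies of each row were stored with their values intact.
$check = $pdo->prepare('SELECT COUNT(*) FROM djs WHERE name = ? AND about = ?');
foreach ($rows as $row) {
    $check->execute([$row['dj_name'], $row['dj_intro']]);
    printf("%-12s rows stored: %d\n", $row['dj_name'], $check->fetchColumn());
}
```

The row containing apostrophes is rejected by the concatenated query and stored once by the prepared one, while the plain row is stored by both.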
0

You need quotes around the values you are inserting. But you should also consider a better method of inserting records.

$sql2 = "INSERT into `djs` (`name`,`pic`,`about`) VALUES ('".$row['dj_name']."','".$row['dj_picture']."','".$row['dj_intro']."')";
Sharlike
0

Use mysql_real_escape_string(); to escape your values and put them into single quotes:

$sql2 = "INSERT into `djs` (`name`,`pic`,`about`) VALUES ('".mysql_real_escape_string($row['dj_name'])."', '".mysql_real_escape_string($row['dj_picture'])."', '".mysql_real_escape_string($row['dj_intro'])."')";
Julian F. Weinert