Muscle error

Am I doing something wrong? Through the visual editor, I’m trying to add a record to the database in the text field. Here is a piece of code

`

if (@$_POST['save'] ){
$text=$_POST['content1'];
$anot=($_POST['anot']);
$pole=$_POST['pole'];
$titul=$_POST['titul'];
if (!$text || !$pole || !$titul) {
echo ("  ");
}
else {
if ( !get_magic_quotes_gpc() ){
$text=stripslashes($text);
$anot=stripslashes($anot);
$pole=stripslashes($pole);
$titul=stripslashes($titul);
}
$kuda=array(); //     
$kuda[10]="news";
$kuda[1]="first";
$kuda[6]="stat";
if ($kuda[$id]==1 || $kuda[$id]==6){
//
mysql_query("INSERT INTO {$kuda[$id]} (title, nazv, text) VALUES ('{$titul}','{$pole}','{$text}')") or die (mysql_error());
echo " <script type=\"text/javascript\"> alert (\" \"); </script>";
} 
if ($kuda[10]){
mysql_query("INSERT INTO {$kuda[10]} (title, nazv, anot, text) VALUES ('{$titul}','{$pole}','{$anot}','{$ text}')") or die (mysql_error());
echo " <script type=\"text/javascript\"> alert (\" \"); </script>";
}
else echo ("  ");
}
}

`

Works every other time. If the amount of data being entered is large, it swears at all.
Writes
`

`You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.

What to do what is the problem? already checked and rechecked everything that was ((((((


Answer 1, authority 100%

Here are the corrected queries, but it seems to be more about the logic itself.

...
$titul = htmlspecialchars($titul);
$pole = htmlspecialchars($pole);
$text = htmlspecialchars($text);
mysql_query('INSERT INTO `' . $kuda[$id] . '`(`title`, `nazv`, `text`) VALUES(\'' . $titul . '\', \'' . $pole . '\', \'' . $text . '\')') or die (mysql_error());
...
$anot = htmlspecialchars($anot);
mysql_query('INSERT INTO `' . $kuda[$id] . '`(`title`, `nazv`, `anot`, `text`) VALUES(\'' . $titul . '\', \'' . $pole . '\', \'' . $anot . '\', \'' . $text . '\')') or die (mysql_error());

Answer 2, authority 100%

maybe the problem is in this line ? or rather in the variable text

('{$titul}','{$pole}','{$anot}','{$ text}')") or die (mysql_error());

Answer 3, authority 100%

Judging by the description of the error that you get, you are trying to write a string containing unescaped quotes to the database, as a result of which the query collapses. just before writing to the database do:

$text = mysql_real_escape_string($text);

for all fields, of course.


Answer 4, authority 100%

Why use stripslashes, use the usual regular expression and leave only characters and numbers in the string, for example. And the fact that it works for you every other time, as written above – output the request to the browser. Most likely something is wrong with the request.