Before someone posts the obligatory comment about not using string interpolation for running SQL queries, the issue here is simply that table and column names are not meant to be surrounded by single quotes ('). You can either omit the quotations around the table/column names, or use the backtick symbol (`) instead:
insert into `categories` (`category_title`) values ('$category_title')
Single quotes are only meant to be used for string values, so you can keep them for the values () part. But yes, don't insert the variables directly into the query; use something like parameter binding:
PHP: mysqli_stmt::bind_param - Manual
This will prevent someone from providing you with dodgy data which could seriously damage your database.
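An added example, not part of the original answer, showing the same insert with `mysqli_stmt::bind_param` and backtick-quoted identifiers. The connection values, the `quoteColumn` and `insertCategory` helpers, and the sample title are assumptions made for illustration.

```php
<?php
// Added example, not the original poster's code.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// Identifiers (table/column names) cannot be bound as parameters, so a
// column name chosen at runtime must be checked against a fixed allowlist
// before it is wrapped in backticks. (Hypothetical helper.)
function quoteColumn(string $name): string
{
    $allowed = ['category_title']; // columns this script may write to
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Unexpected column: $name");
    }
    return '`' . $name . '`';
}

// Inserts one category; returns the number of affected rows. (Hypothetical helper.)
function insertCategory(mysqli $db, string $title): int
{
    // Backticks around identifiers, a ? placeholder where the value goes.
    $sql = 'INSERT INTO `categories` (' . quoteColumn('category_title') . ') VALUES (?)';
    $stmt = $db->prepare($sql);
    $stmt->bind_param('s', $title); // 's' = string; sent separately from the SQL text
    $stmt->execute();
    $rows = (int) $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Placeholder connection details: replace with your own.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

// Constructed input: the single quote would break the interpolated query,
// but as a bound parameter it is stored verbatim as data.
$category_title = "Kids' toys; and games";
echo insertCategory($db, $category_title), " row(s) inserted\n";
```

Only values can be bound with `?`; the table and column names stay in the SQL text, which is why they are either fixed literals or checked against an allowlist.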