Click here to Skip to main content
15,353,818 members
Search within:


Error in inserting data to database from HTML form
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
PHP
Error: INSERT INTO 'student' ('student_num', 'last_name', 'first_name', 'middle_init') VALUES ('2018-03829', 'Cacayuran', 'Alexis', 'A')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''student' ('student_num', 'last_name', 'first_name', 'middle_init') VALUES (...' at line 1

What I have tried:

PHP Code
<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "program_checklist";
$conn = mysqli_connect($servername, $username, $password, $dbname);

if ($conn->connect_error){
	die("Connection failed: ".$conn->connect_error);
}
echo "Connected succesfully<br>";

$a = $_POST['studentnum'];
$b = $_POST['lastname'];
$c = $_POST['firstname'];
$d = $_POST['middleinit'];

$insertsql = 
"INSERT INTO 'student' ('student_num', 'last_name', 'first_name', 'middle_init')
VALUES ('$a', '$b', '$c', '$d')";

if ($conn->query($insertsql) === TRUE){
	echo "New record created succesfully";
}else{
	echo "Error: ".$insertsql."<br>".$conn->error;
}

$conn->close();
?>


HTML Code

<!DOCTYPE html>
<html>
<head>
	<title>Student Checklist</title>
</head>
<body>
	<form action="submit.php" method="post">
		Student Number:<br>
		<input type="text" name="studentnum"><br>

		Last Name:<br>
		<input type="text" name="lastname"><br>

		First Name:<br>
		<input type="text" name="firstname"><br>

		Middle Initial:<br>
		<input type="text" name="middleinit"><br><br>

		<input type="submit" value="Submit">
	</form>

</body>
</html>
Posted
Updated 14-Nov-20 1:54am
Add a Solution
Comments
Richard MacCutchan 14-Nov-20 7:52am
   
Try without the quotes on the table and column names:
$insertsql = 
"INSERT INTO student (student_num, last_name, first_name, middle_init)
VALUES ('$a', '$b', '$c', '$d')";
Richard Deeming 16-Nov-20 4:49am
   
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

1 solution

Quote:
You have an error in your SQL syntax

Pay attention to use usage of backticks (`)in sql queries, very similar to quotes ('), but different.
How to use Backticks and quotes when querying a MySQL database[^]
   
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
My code is not inserting data into my database
insert HTML form data into SQL
Why won't my PHP form data won't insert data on my phpmyadmin database
Duplicate insertion of data
How to insert data in a mysql database using a html form
How to store form data into database
ERROR! ! I am facing issue in inserting data in database table.
How can I insert data into login form?
Fetch data from database and display in multiple HTML textbox
data is inserting in to database on each page refresh.

Advertise
Privacy
Cookies
Terms of Use
Last Updated 14 Nov 2020
Layout: fixed | fluid
Copyright © CodeProject, 1999-2022
All Rights Reserved.

Web04 2.8.2022.07.01.1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900