Click here to Skip to main content
15,559,491 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '12', '23', '12', '12', '12', '12', '12 ')' at line 1


Here is my code:
<?php
    $conn = new mysqli("localhost","sgane5","loreburn","sgane5_IA2") or die(mysqli_error($conn));
    if (isset($_POST["submit"])) {
        $State = $_POST["State"];
        $ConfirmedCases = $_POST["ConfirmedCases"];
        $Deaths = $_POST["Deaths"];
        $Recovered = $_POST["Recovered"];
        $ActiveCases = $_POST["ActiveCases"];
        $TestConducted = $_POST["TestConducted"];
        $TestPerMillion = $_POST["TestPerMillion"];
        $Hospitalisation = $_POST["Hospitalisation"];
        $query = mysqli_query($conn, "INSERT INTO Covid ( State, ConfirmedCases, Deaths, Recovered, ActiveCases, TestConducted, TestPerMillion, Hospitalisation) VALUES ( '$State, '$ConfirmedCases', '$Deaths', '$Recovered', '$ActiveCases', '$TestConducted', '$TestPerMillion', '$Hospitalisation ')") or die(mysqli_error($conn));
    }
    $query = mysqli_query($conn, "SELECT * FROM Covid") or die(mysqli_error());
    while ($row = mysqli_fetch_array($query)) {
        printf("<form action='Addbook.php' method='post'>
                <input type='text' name='State' value='%s'>
                <input type='text' name='ConfirmedCases' value='%s'>
                <input type='text' name='Deaths' value='%s'>
                <input type='text' name='Recovered' value='%s'>
                <input type='text' name='ActiveCases' value='%s'>
                <input type='text' name='TestConducted' value='%s'>
                <input type='text' name='TestPerMillion' value='%s'>
                <input type='text' name='Hospitalisation' value='%s'>
                <input type='submit' value='Update'>
                </form>", $row['State'], $row['ConfirmedCases'], $row['Deaths'], $row['Recovered'], $row['ActiveCases'], $row['TestConducted'], $row['TestPerMillion'], $row['Hospitalisation']);
    }
?>
</body>
</html>
			 
			 <form name = "search" action ="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
        <input type="text" placeholder="Acronyms Only" name="search">
        <input type="Submit" value="Search">class="fa fa-search"></button>
    </form>
     <print>Coronavirus Tables Click to reset table ----> <a href="SearchStats.php">Here</a></print>
			     <?php
 $conn = new mysqli("localhost","sgane5","loreburn","sgane5_IA2") or die(mysqli_error($conn));
            // This is the searching bit of the database
            if (isset($_POST["search"])) {
                $Search = $_POST['search'];
                // this selects all the information form the database and has printed on the site
                $query = mysqli_query($conn, "SELECT State ConfirmedCases, Deaths, Recovered, ActiveCases, TestConducted, TestPerMillion, Hospitalisation
                    FROM Covid WHERE State LIKE '%$Search%'") or die(mysqli_error($conn));
                
                print("<table border=\"1\">");
                print("<tr><td>State</td>
                    <td>ConfirmedCases</td>
                    <td>Deaths</td>
                    <td>Recovered</td>
                    <td>ActiveCases</td>
                    <td>TestConducted</td>
                    <td>TestPerMillion</td>
                    <td>Hospitalisation</td>");
                while($row = mysqli_fetch_array($query)) {
                    printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>",
                    $row['State'], $row['ConfirmedCases'], $row['Deaths'], $row['Recovered'], $row['ActiveCases'], $row['TestConducted'], $row['TestPerMillion'], $row['Hospitalisation']);
                }
                print("</table>");
            } else {
                $query = mysqli_query($conn, "SELECT State ConfirmedCases, Deaths, Recovered, ActiveCases, TestConducted, TestPerMillion, Hospitalisation
                    FROM Covid") or die(mysqli_error($conn));
                print("<table border=\"1\">");
                print("<tr><td>State</td>
                    <td>ConfirmedCases</td>
                    <td>Deaths</td>
                    <td>Recovered</td>
                    <td>ActiveCases</td>
                    <td>TestConducted</td>
                    <td>TestPerMillion</td>
                    <td>Hospitalisation</td>");
                while ($row = mysqli_fetch_array($query)) {
                    printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>",
                    $row['State'], $row['ConfirmedCases'], $row['Deaths'], $row['Recovered'], $row['ActiveCases'], $row['TestConducted'], $row['TestPerMillion'], $row['Hospitalisation']);
                }
                print("</table>");
        
            }
			?>


What I have tried:

I've tried all i can think about, i keep getting this error and my database table won't update
Posted
Updated 21-May-21 19:31pm
Comments
Richard Deeming 24-May-21 6:27am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]

1 solution

Take a real close look at all those apostrophes. You don't have them matched up, specifically $State, and the extra space after $Hospitalisation.
INSERT INTO Covid ( State, ConfirmedCases, Deaths, Recovered, ActiveCases, TestConducted, TestPerMillion, Hospitalisation) VALUES ( '$State, '$ConfirmedCases', '$Deaths', '$Recovered', '$ActiveCases', '$TestConducted', '$TestPerMillion', '$Hospitalisation ')
I would also skip using them entirely and go with parameterized queries. Why? What if one of your values has an apostrophe in it? You'll get another situation where your apostrophies don't match up and you'll get another syntax error in your SQL.
 
Share this answer
 
Comments
shahi ganenthiran 22-May-21 2:55am    
Thank You so much
shahi ganenthiran 22-May-21 3:01am    
I've fixed the apostrophes and the space however, my page is just refreshing and my database is not updated
Dave Kreskowiak 22-May-21 10:50am    
I don't know PHP enough to go any further.
shahi ganenthiran 23-May-21 22:20pm    
Thats All goods thank you soo much for your help

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900