Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''record' values('', 'rr', 'emma@gmail.com', 'ffvf', '0022-02-22',)' at line 1 in C:\XAMMPP\htdocs\Student\insert.php:28 Stack trace: #0 C:\XAMMPP\htdocs\Student\insert.php(28): mysqli_query(Object(mysqli), 'INSERT into 're...') #1 {main} thrown in C:\XAMMPP\htdocs\Student\insert.php on line 28


What I have tried:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    <form action="" method="POST">
        Name<input type="text" name="name"><br>
        Email<input type="email" name="email"><br>
        Mobile<input type="mobile" name="mobilee"><br>
        Date<input type="date" name="date"><br>
        <input type="submit" name="submit">
    </form>
    <?php
if(isset($_POST['submit'])){
    $name=$_POST['name'];
    $email=$_POST['email'];
    $mobile=$_POST['mobile'];
    $date=$_POST['date'];

    $result=mysqli_query($mysqli, "INSERT into 'record' values('', '$name', '$email', '$mobile',  '$date',)");
    if($result){
        echo "success";
    }
    else{
        echo "Failed";
    }
}

    ?>
</body>
</html>
Comments
Richard Deeming 4-Dec-23 4:24am    
Your code is vulnerable to SQL Injection. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual

1 solution

Change the query to this:
INSERT INTO record VALUES ('', '$name', '$email', '$mobile', '$date')

Note the absence of quotes around the table name and the trailing comma after the '$date' parameter.

The standard query format for an INSERT is:
INSERT INTO tableName (columnName1, columnName2, ...)
VALUES (value1, value2, ...)

If you are inserting data into every column in the table, you can omit the column name list, but you MUST provide values for every column in the table and in the correct order, per the table layout.
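
The parameterized query recommended in the comment above, applied to this INSERT, as an added example that is not part of the original question or answer. It assumes a `record` table with an auto-increment `id` plus `name`, `email`, `mobile` and `date` columns, a form field named `mobile`, and placeholder connection values; `insert_record` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumed schema (not shown on the page):
//   record(id INT AUTO_INCREMENT PRIMARY KEY, name, email, mobile, date)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_record(mysqli $mysqli, array $post): bool
{
    // Read each field by the name used in the form; missing keys become ''.
    $name   = trim($post['name']   ?? '');
    $email  = trim($post['email']  ?? '');
    $mobile = trim($post['mobile'] ?? '');
    $date   = trim($post['date']   ?? '');

    // Reject an empty name, a malformed e-mail address or a non-existent date.
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $d = DateTime::createFromFormat('Y-m-d', $date);
    if ($d === false || $d->format('Y-m-d') !== $date) {
        return false;
    }

    // Placeholders keep the values out of the SQL text, so a quote in the
    // input (e.g. O'Brien) is stored as data and cannot alter the statement.
    // Naming the columns lets the auto-increment id be omitted.
    $stmt = $mysqli->prepare(
        'INSERT INTO record (name, email, mobile, `date`) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $name, $email, $mobile, $date);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Placeholder connection values (assumptions, replace with your own).
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'student');

if (isset($_POST['submit'])) {
    try {
        echo insert_record($mysqli, $_POST) ? 'success' : 'Failed';
    } catch (mysqli_sql_exception $e) {
        // Log details server-side so paths and SQL are not shown to visitors.
        error_log($e->getMessage());
        echo 'Failed';
    }
}
```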
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


