I try to do a form which can insert data into database. After I insert a dummy data the is come out.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
This error are make me in trouble. My database are not inserted any record
<?php
$db = "assignment";
$table = "column";
$conn = mysqli_connect("localhost","root","");
mysqli_select_db($conn,$db);
$Title = $_POST['title'];
$Author = $_POST['author'];
$Country = $_POST['country'];
$Date = $_POST['date'];
$Abstract = $_POST['abstract'];
$Problem = $_POST['rproblem'];
$Aim = $_POST['raim'];
$Objectives = $_POST['robjective'];
$Type = $_POST['rstudies'];
if(isset($_POST['rmethod'])){
$method = implode(",",$_POST['rmethod']);
}else{
$method = "";
}
$sql = "INSERT INTO '$table' (title,author,country,date,abstract,rproblem,raim,robjective,rstudies,rmethod)
VALUES ('$Title','$Author,'$Country','$Date','$Abstract','$Problem','$Aim','$Objectives','$Type','$method')";
mysqli_query($conn,$sql);
if (!mysqli_query($conn,$sql)){
die('Error: ' . mysqli_error($conn));
}else{
echo "Data Added";
}
mysqli_close($conn);
?>
Advertisement
Answer
You’ve set your $table variable inside single quotes while using a reserved word, column for your table name $table = "column";
Use backticks around it, like so:
INSERT INTO `$table`
either do that or give your table another name.
You also have a quote missing here '$Author, so do '$Author',
Also, you can remove mysqli_query($conn,$sql); since you’re already using
if (!mysqli_query($conn,$sql))
Footnotes:
Your present code is open to SQL injection. I strongly suggest that you use prepared statements, or PDO with prepared statements.