INSERT INTO syntax issue

Question

I keep having a syntax error issue even when I try to resolve it. Here is the error message:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rue de vergennes, 06xxxxxxxx, mail@mail.com)' at line 2"

Here is my code:

1.html

<form method="post" action="2.php">
      <p>
          <label>Nom</label> : <input type="text" name="nom"><br>
          <label>Prénom</label> : <input type="text" name="prenom"><br>
          <label>Adresse</label> : <input type="text" name="adresse"><br>
          <label>Numéro de téléphone</label> : <input type="tel" name="tel" pattern="^((\+\d{1,3}(-| )?\(?\d\)?(-| )?\d{1,5})|(\(?\d{2,6}\)?))(-| )?(\d{3,4})(-| )?(\d{4})(( x| ext)\d{1,5}){0,1}$"><br>
          <label>Adresse e-mail</label> : <input type="email" name="mail"><br>
          <input type="submit" name="submit" value="Poursuivre">
      </p>
  </form>

2.php

<?php
  $servername = "localhost";
  $username = "root";
  $password = "root";
  $dbname = "kitcasino";

$nom = $_POST['nom'];
$prenom = $_POST['prenom'];
$adresse = $_POST['adresse'];
$tel = $_POST['tel'];
$mail = $_POST['mail'];

  $conn = mysqli_connect($servername, $username, $password, $dbname);
  if (!$conn) {
      die("Connection failed: " . mysqli_connect_error());
  }

  $sql = "INSERT INTO donnees (nom, prenom, adresse, tel, email)
  VALUES ($nom, $prenom, $adresse, $tel, $mail)";

  if (mysqli_query($conn, $sql)) {
      echo "Done!";
  } else {
      echo "Error: " . $sql . "<br>" . mysqli_error($conn);
  }

  mysqli_close($conn);
  ?>

Answer 1

Use mysqli prepared statements this is safer and faster for your application.

$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "kitcasino";
$nom = $_POST['nom'];
$prenom = $_POST['prenom'];
$adresse = $_POST['adresse'];
$tel = $_POST['tel'];
$mail = $_POST['mail'];
$mysqli = new mysqli($servername, $username, $password, $dbname);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$stmt = $mysqli->prepare("INSERT INTO donnees (`nom`, `prenom`, `adresse`, `tel`, `email`) VALUES (?,?,?,?,?)");
$stmt->bind_param("sssss", $nom, $prenom, $adresse, $tel, $mail);
if (!$stmt->execute()) {
trigger_error('Error executing MySQL query: ' . $stmt->error);
} else {
echo "Done!";
}
$stmt->close();
$mysqli->close();

Answer 2

try to youe the code bellow

      $servername = "localhost";
      $username = "root";
      $password = "root";
      $dbname = "kitcasino";

  $con = mysqli_connect($servername, $username, $password, $dbname);
$nom = mysqli_real_escape_string($con, $_POST['nom']);
$prenom = mysqli_real_escape_string($con, $_POST['prenom']);
$adresse = mysqli_real_escape_string($con, $_POST['adresse']);
$tel = $_POST['tel'];
$mail = $_POST['mail'];
    if (!$conn) {
          die("Connection failed: " . mysqli_connect_error());
      }

      $sql = "INSERT INTO donnees (nom, prenom, adresse, tel, email)
      VALUES ('".$nom."', '".$prenom."', '".$adresse."', '".$tel."', '".$mail."')";

      if (mysqli_query($conn, $sql)) {
          echo "Done!";
      } else {
          echo "Error: " . $sql . "<br>" . mysqli_error($conn);
      }

      mysqli_close($con);

Answer 3

You have to do like that :

 $sql = "INSERT INTO donnees (nom, prenom, adresse, tel, email)
  VALUES ('".$nom."', '".$prenom."', '".$adresse."', '".$tel."', '".$mail."')";

Bonjour de la france, puisque je vois un francophone :)

Answer 4

you have to put the variable between quote as

$sql = "INSERT INTO donnees (nom, prenom, adresse, tel, email)
  VALUES ($nom, '$prenom', '$adresse', $tel, '$mail')";