Reputation: 60
SQL error inserting into table
I keep getting this error in my php. It worked fine when I hard set the values but doesn't seem to work with variables.
Error: INSERT INTO ContactUS (name, email, subscribed) VALUES (TEST, [email protected], 1) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Anis, [email protected], 1)' at line 1
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO ContactUS (name, email, subscribed) VALUES ($name, $email, $subscribed)";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
Upvotes: 1
Views: 1293
Answers (2)
Reputation: 7911
Values should be quoted:
$sql = "INSERT INTO ContactUS (name, email, subscribed) VALUES ('$name', '$email', '$subscribed')";
Perhaps it's better to use prepared statements as this is done automatically for you and you won't be vulnerable to SQL injections.
Upvotes: 1
Reputation: 2185
Use quotes around variables, as PHP will replace its value, leaving an invalid query:
$sql = "INSERT INTO ContactUS (name, email, subscribed) VALUES ('$name', '$email', '$subscribed')";
but please use prepared statements, otherwise you'll be victim of SQL injection
Upvotes: 0
Related Questions
- How can I prevent SQL injection in PHP?
- How to import an SQL file using the command line in MySQL?
- How to grant all privileges to root user in MySQL 8.0
- Insert into a MySQL table or update if exists
- Can I concatenate multiple MySQL rows into one field?
- How to remove constraints from my MySQL table?
- How to alter a column and change the default value?