SQL语法错误''在文件长度之外的行附近

Question

I have this code to send the data of 3 input fields for an id-number and 2 dates (2 selectors, one text field) to my database. All 3 columns are VARCHAR. I am using a form with method POST.

I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 336

I do not have 336 lines in any of my files.

This is what PHP and SQL code I have in my file. I've been going through it for a long while now but can't seem to find where this syntax error lies. Any ideas?

<?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];

//Create DB object
$db = new Database();

//Create query to fetch personel
$query = "SELECT * FROM funktionar";

//Run above query
$personel = $db->select($query);

//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;

//Run above query
$konsert = $db->select($query);

if(isset($_POST['submit'])) {
    //Assign variables
    $namn = mysqli_real_escape_string($db->link, $_POST['personalID']);
    $tidStart = mysqli_real_escape_string($db->link, $_POST['tidStart']);
    $tidSlut = mysqli_real_escape_string($db->link, $_POST['tidSlut']);

    //Simple validation
    if($namn == '' || $tidStart == '' || $tidSlut == ''){
        //Set error if any field is left empty
        $error = 'V&auml;nligen fyll i alla f&auml;lt.';
        } else {
        $query = "INSERT INTO sakerhet
            (personalID, tidStart, tidSlut)
            VALUES ('$namn', '$tidStart', '$tidSlut')";

        $insert_row = $db->insert($query);
    }
}
?>

EDIT: Have added the insert function:

public function insert($query) {
       $insert_row = $this->link->query($query) or die($this->link->error.__LINE__);

       //Validate insert
       if($insert_row) {
           header("Location: index.php?msg=".urlencode('Record Added'));
           exit();
       } else {
           die('Error : ('.$this->link->errno .') '.$this->link->error);
       }

   }

Answer 1

Final and working solution. This SQL error occured due to:

• Missing table column. While the error was too vague to give this direct answer I put all input data into simple variables instead á "$selected = $_POST['name']" and echoed the variables á "echo $konsert;", etc, to check so the data was fetched properly from its form. Commenting out the query as I did.
• Likely wrong use of either mysqli_real_escape_string or "->link->"? I do not work in sessions with this project as it's not required and won't go public so removing this will be alright for me.

Conclusion It wasn't as much a syntax error as the query having problems executing itself due to above. The syntax was correct.

Disclaimer This code is not 100% safe nor 100% done. The input fields are NOT sanitised and as was pointed out to me by @EagleRainbow it is not safe to use the "$id = $_GET['id'];".

Code

<?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];

//Create DB object
$db = new Database();

//Create query to fetch personel
$query = "SELECT * FROM funktionar";

//Run above query
$personel = $db->select($query);

//Select all from table sakerhet
$query = "SELECT * FROM sakerhet";

//Run above query
$safety = $db->select($query);

//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;

//Run above query
$konsert = $db->select($query);

<?php
    if(isset($_POST['submit'])) {
        //Assign variables
        $selected = $_POST['safetyName'];
        $tidStart = $_POST['tidStart'];
        $tidSlut = $_POST['tidSlut'];
        $konsert = $id;

        //Simple validation
        if($selected == '' || $tidStart == '' || $tidSlut == ''){
            //Set error if any field is left empty
            $error = "V&auml;nligen fyll i alla f&auml;lt.";
            } else {
                $query = "INSERT INTO sakerhet (personalID, tidStart, tidSlut, konsertID) VALUES ('$selected', '$tidStart', '$tidSlut', '$konsert')";
                $insert_row = $db->insert($query);
        }
    }
?>

Code from database file

public function insert($query) {
       $insert_row = $this->link->query($query) or die($this->link->error.__LINE__);

       //Validate insert
       if($insert_row) {
           header("Location: index.php?msg=".urlencode('Record Added'));
           exit();
       } else {
           die('Error : ('.$this->link->errno .') '.$this->link->error);
       }

   }

Thanks for the help given.