Inserting data into MySQL table with only one column

Question

Here's my HTML code:

<html>
<body>
<form action="insert.php" method="post">
Script Name: <input type="text" name="scriptname">
<input type="submit">
</form>
</body>
</html> 

Here's my PHP code:

<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?> 

What I'm trying to do is insert in the table appslist into the column listall (the only column in that database).

But I keep getting this error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''43things clone script' at line 3

Answer 1

You must close your brackets here:

"INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]')";

Answer 2

Here, do use the following which is a safer method .

To point out where you made your mistake, it was a missing quote ' and a bracket ) in ('$_POST[scriptname] which should have read as ('$_POST[scriptname]') (EDIT: As Dan Bracuk pointed out in his comment, thank you Dan.) however, using this method is prone to SQL injection .

Also wrapping your table name with backticks is suggested.

EDIT:

Use the the following (inside commented code below) if you haven't declared your variable.

$scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);

Instead of: (Both are in the code below. Simply use the one you need)

$scriptname=mysqli_real_escape_string($con,$scriptname);

PHP

<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

// use the commented one below if you haven't declared your variable.
// $scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
$scriptname=mysqli_real_escape_string($con,$scriptname);

$sql="INSERT INTO `appslist` (listall) 
VALUES ('$scriptname')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?>

Answer 3

use this:

$var = mysql_real_escape_string($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES ('$var')";

instead of this:

$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";

You missed ') at the end of statement and ' ' in $_POST variable

Answer 4

try this

<?php
    $con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
    // Check connection
    if (mysqli_connect_errno())
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }
    $scriptname = stripslashes($_POST['scriptname']);
    $sql="INSERT INTO appslist (listall) VALUES('$scriptname')";

    if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }
    echo "1 record added";

    mysqli_close($con);
    ?>