Here's my HTML code:
<html>
<body>
<form action="insert.php" method="post">
Script Name: <input type="text" name="scriptname">
<input type="submit">
</form>
</body>
</html>
Here's my PHP code:
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
What I'm trying to do is insert in the table appslist
into the column listall
(the only column in that database).
But I keep getting this error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''43things clone script' at line 3
You must close your brackets here:
"INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]')";
Here, do use the following which is a safer method .
To point out where you made your mistake, it was a missing quote '
and a bracket )
in ('$_POST[scriptname]
which should have read as ('$_POST[scriptname]')
(EDIT: As Dan Bracuk pointed out in his comment, thank you Dan.) however, using this method is prone to SQL injection .
Also wrapping your table name with backticks is suggested.
Use the the following (inside commented code below) if you haven't declared your variable.
$scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
Instead of: (Both are in the code below. Simply use the one you need)
$scriptname=mysqli_real_escape_string($con,$scriptname);
PHP
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// use the commented one below if you haven't declared your variable.
// $scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
$scriptname=mysqli_real_escape_string($con,$scriptname);
$sql="INSERT INTO `appslist` (listall)
VALUES ('$scriptname')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
use this:
$var = mysql_real_escape_string($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES ('$var')";
instead of this:
$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";
You missed ')
at the end of statement and ' ' in $_POST variable
try this
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$scriptname = stripslashes($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES('$scriptname')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.