How to fix this SQL syntax error?

Question

How do I fix this error?

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1."

I'm using wamp server. localhost:81.

<?php
  $conn =mysqli_connect('localhost', 'root' , '','register');

  if(isset($_POST['submit']))
  { 
    $fname=$_POST['FName'];
    $mname = $_POST['UName'];
    $email = $_POST['email'];
    $contact = $_POST['contact'];
    $gender = $_POST['gender'];
    $Password = $_POST['Pass'];
    $Repassword = $_POST['Rpass'];
    $sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword) values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";

    if ($conn->query($sql) === TRUE) {
      echo "New record created successfully";
      print '<script>alert("Successfully Submit Data!");</script>';
    }
    else{
      echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
  }
?> 

Answer 1

I would recommend using backticks (`) around your column names, to prevent SQL from seeing it as something else. You also want to make sure you escape the data as well.

$sql = "INSERT INTO `registered`
(`FullName`, `UserName`, `Email`, `Contact#`, `Gender`, `Password`, `RPassword`)              
VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sssssss', $fname, $mname, $email, $contact, $gender, $Password, $Repassword);
if ( $stmt->exec() ) {
    //Success
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

For more information on SQL Injection, and how it can effect you, please check out this post .

Answer 2

try this

INSERT INTO `registered`(`FullName`,`UserName`,`Email`,`Contact#`,`Gender`,`Password`,`RPassword`)              
 values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";

Answer 3

try this

$sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword)              
 values($fname,$mname,$email,$contact,$gender,$Password,$Repassword)";