I get this error //ERROR
ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('','','' ,'','')' at line 1
PHP
<?php
$servername = 'mysql.hostinger.in';
$username = '';
$password = '';
$dbname = 'u424351292_icrcm';
if(isset($_POST['submit']))
{
$phone_no = $_POST['phno'];
$full_name = $_POST['fullname'];
$location = $_POST['address'];
$department = $_POST['dept'];
$description = $_POST['desc'];
}
$conn = new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error)
{
die("Connection Failed" . $conn->connect_error);
}
$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";
if($conn->query($sql) === TRUE)
{
echo "Complaint Registered";
}
else
{
echo "ERROR".$sql."<br>".$conn->error;
}
$conn->close();
?>
//ERROR
ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('','','' ,'','')' at line 1
desc
is a reserved keyword in MySQL and needs to be escaped by backticks.
INSERT INTO new_comp_reg (..., `desc`) VALUES (...)
or change your column name to description
for instance.
BTW you are not escaping your user input which could lead to syntax errors and SQL injections. Use Prepared Statements.
if(isset($_POST['submit']))
{
$phone_no = $_POST['phno'];
$full_name = $_POST['fullname'];
$location = $_POST['address'];
$department = $_POST['dept'];
$description = $_POST['desc'];
}
$conn = new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error)
{
die("Connection Failed" . $conn->connect_error);
}
$sql = "INSERT INTO new_comp_reg VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";
if($conn->query($sql) === TRUE)
{
echo "Complaint Registered";`enter code here`
}
else
{
echo "ERROR".$sql."<br>".$conn->error;
}
$conn->close();
?>
I would say that it is
$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('".mysql_real_escape_string($phone_no)."' , '".mysql_real_escape_string($full_name)"' , '".mysql_real_escape_string($location)"' , '".mysql_real_escape_string($department)"' , '".mysql_real_escape_string($description)"')";
This would actually improve your protection. Also check your column name as sad above it might be that you referenced one wrong.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.