Getting SQL error while inserting the data into database using MySQL and PHP

Question

I am getting the following error while trying to insert data into database.

Error:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Live Your Life Well'. Live Your Life Well' was a theme designed to encourage peo' at line 1

I am providing the query below:

INSERT phr_health_care set title='Mental Health Awareness',description='In 2010, the theme was 'Live Your Life Well'. Live Your Life Well' was a theme designed to encourage people to take responsibility for the prevention of mental health issues during times of personal challenge and stress. The message was to inform the public that many mental health problems could be avoided by striving toward and making positive lifestyle choices in the ways we act and think',status='1',image='4o2kgkpgu_awarenessdaycolorgen.jpg',date='2016-02-12 15:32:44'

How can I resolve this error?

Answer 1

if insert then

INSERT INTO table_name("column_names_separates_by_commas") VALUES ("values_for_columns_separated_by_commas");

if update then

UPDATE table_name SET column1="value1", column2="vaule2", columnN="valueN"

but following SQL is also executing fine.

INSERT phr_health_care set 
title='Mental Health Awareness',
description="In 2010, the theme was 'Live Your Life Well'. Live Your Life Well' was a theme designed to encourage people to take responsibility for the prevention of mental health issues during times of personal challenge and stress. The message was to inform the public that many mental health problems could be avoided by striving toward and making positive lifestyle choices in the ways we act and think",
status='1',
image='4o2kgkpgu_awarenessdaycolorgen.jpg',
date='2016-02-12 15:32:44'

this is exact query i tested by myself and it is executing fine.

Answer 2

You are passing description '$newCustomerobj->description' with single quotes. You first add backslash like:

$description = addslashes($newCustomerobj->description);

Now pass this variable in your query.

Answer 3

The problem is with the quotes. You should escape the special characters using the \\ character. Try with,

 INSERT phr_health_care set title='Mental Health 
Awareness',description='In 2010, the theme was \'Live Your Life Well\'. 
Live Your Life Well\' was a theme designed to encourage people to take 
responsibility for the prevention of mental health issues during times of
personal challenge and stress. The message was to inform the public that
 many mental health problems could be avoided by striving toward and 
making positive lifestyle choices in the ways we act and 
think',status='1',image='4o2kgkpgu_awarenessdaycolorgen.jpg',date='2016-
02-12 15:32:44'

Answer 4

The following code should work, you'll need backslashes for quotes in your string. I've reformatted your code, this should now work.

INSERT `phr_health_care` SET `title` = 'Mental Health Awareness', 
`description` = 'In 2010, the theme was \'Live Your Life Well\'. Live Your 
Life Well' was a theme designed to encourage people to take responsibility for
 the prevention of mental health issues during times of personal challenge and 
stress. The message was to inform the public that many mental health problems 
could be avoided by striving toward and making positive lifestyle choices in 
the ways we act and think', `status` = '1', `image` = 
'4o2kgkpgu_awarenessdaycolorgen.jpg', `date` = '2016-02-12 15:32:44'

Hope this helps, thanks!

Answer 5

Its because of single quotes.

In MySQL, strings (field values) are enclosed with single quotes.

So, if single quote comes in the string itself, string breaks and upcoming words are considered as MySQL Reserved Keywords .

Use mysqli_real_escape_string()