0

Help me out, Im using localhost and getting this error whenever i fill out the form and click on submit button

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''aw-tech'.'contact' (name, email, phone, question) VALUES ('prince', 'khan@princ' at line 1

My PHP CODE SQL

mysql_select_db("aw-tech", $con);

$sql = "INSERT INTO 'aw-tech'.'contact' (name, email, phone, question) 
            VALUES ('$_POST[name]', '$_POST[email]', 
                    '$_POST[phone]', '$_POST[question]')";
simbabque
  • 53,749
  • 8
  • 73
  • 136
  • 3
    You need to use backticks around the names of tables (and columns) - you're using apostrophes. – andrewsi Dec 06 '13 at 23:24
  • watch out for sql injection.... – gloomy.penguin Dec 06 '13 at 23:25
  • @andrewsi in fact he doesn't need any kind of quotation here. – simbabque Dec 06 '13 at 23:29
  • @Plasmarob - that's actually a fine error message. The syntax is wrong. It says to the right of (before) the quoted statement... which is exactly where the error is. So... what someone would do is look up the syntax for an `insert` statement and see how their code compares. – gloomy.penguin Dec 06 '13 at 23:29
  • 1
    **Warning:** you're using [a **deprecated** database API](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) yourself from. – Marcel Korpel Dec 06 '13 at 23:35

1 Answers1

4

The problem is the you use straight single quotes (') instead of backticks (`). You should write 

"INSERT INTO `aw-tech`.`contact` ...

instead of 

"INSERT INTO 'aw-tech'.'contact' ...
Stefan Winkler
  • 3,871
  • 1
  • 18
  • 35