-2

When I insert data into the database I get this error:

(Must insert it into the table that has the user's name)

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(descrizione, data, entrata, uscita) VALUES ('test',now(),'43243','2354')' at line 1

The code is this:

```php
<?php
$con=mysqli_connect("localhost","root","","bilancio");
if (mysqli_connect_errno())
  {
  echo "** Errore critico connessione:  " . mysqli_connect_error();
  }

$sql="INSERT INTO $user (descrizione, data, entrata, uscita) 
VALUES 
('$_POST[descrizione]',now(),'$_POST[entrata]','$_POST[uscita]')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "";

mysqli_close($con);
?>
```
Funk Forty Niner
Sisma
  • Where is defined $user variable? – Simone Nigro Apr 12 '14 at 13:40
  • You asked [**this question**](http://stackoverflow.com/questions/23030800/creation-table-with-php) earlier and can't expect to use the `$user` variable as if it already exists. Assign something to it. – Funk Forty Niner Apr 12 '14 at 13:41
  • Must insert it into the table that has the user's name – Sisma Apr 12 '14 at 13:42
  • You will need to fetch your DB first in order to insert data for an existing user. – Funk Forty Niner Apr 12 '14 at 13:42
  • Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO**](http://php.net/pdo) – Funk Forty Niner Apr 12 '14 at 13:44
  • To all who are giving answers below (*so far*); you have NOT grasped the question at all. See OP's [**other question**](http://stackoverflow.com/questions/23030800/creation-table-with-php) – Funk Forty Niner Apr 12 '14 at 13:55

1 Answer

0

According to what you have given, your query should be as below.

```php
"INSERT INTO user (descrizione, data, entrata, uscita) 
VALUES 
('$_POST[descrizione]',now(),'$_POST[entrata]','$_POST[uscita]')"
```

The table name shouldn't have a $.

Don't insert $_POST data into the database directly. You should use validation to implement data security.

Flexo
Techie
  • You're technically correct, but I doubt very much that's what the OP wants to do. See OP's other question http://stackoverflow.com/questions/23030800/creation-table-with-php and you'll see what I mean. – Funk Forty Niner Apr 12 '14 at 13:43
  • Read the OP's other question/code carefully. I can't say anymore than I already have here and under OP's question above. – Funk Forty Niner Apr 12 '14 at 13:45
  • The only thing I can say is this; OP expects to enter data into a table where a username has already been created. *Again,* see OP's [**other question**](http://stackoverflow.com/questions/23030800/creation-table-with-php). The OP's DB could contain a table called "user1", or "user_123" etc. therefore, OP needs to query the DB in order to properly set the `$user` variable to it. – Funk Forty Niner Apr 12 '14 at 13:47
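The following is an added example, not code from the question, the answer or the commenters. It combines the two points raised in the comments: `$user` is resolved against the tables that actually exist before it is used as an identifier, and the posted values go through a mysqli prepared statement. The connection values and column names are those in the question; `resolveUserTable()` and the `$_SESSION['username']` key are assumptions made for illustration.

```php
<?php
// Added example. resolveUserTable() and $_SESSION['username'] are hypothetical;
// connection values and column names are taken from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
session_start();

function resolveUserTable(mysqli $con, string $name): string
{
    // Identifiers cannot be bound as parameters, so restrict the charset first...
    if (!preg_match('/^[A-Za-z0-9_]{1,64}$/', $name)) {
        throw new InvalidArgumentException('Invalid table name');
    }
    // ...then confirm that a table with this name exists in the current database.
    $stmt = $con->prepare(
        'SELECT table_name FROM information_schema.tables
         WHERE table_schema = DATABASE() AND table_name = ?'
    );
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($found);
    $exists = $stmt->fetch();   // true if a row was fetched, null if none
    $stmt->close();
    if (!$exists) {
        throw new RuntimeException('No table for this user');
    }
    return '`' . $found . '`';  // name as stored in the catalog, backtick-quoted
}

$con  = new mysqli('localhost', 'root', '', 'bilancio');
$user = resolveUserTable($con, $_SESSION['username'] ?? '');

$descrizione = $_POST['descrizione'] ?? '';
$entrata     = $_POST['entrata'] ?? '';
$uscita      = $_POST['uscita'] ?? '';

// The values travel as bound parameters, never inside the SQL string.
$stmt = $con->prepare(
    "INSERT INTO $user (descrizione, data, entrata, uscita) VALUES (?, NOW(), ?, ?)"
);
$stmt->bind_param('sss', $descrizione, $entrata, $uscita);
$stmt->execute();
$stmt->close();
$con->close();
```

If `$user` is empty or does not name an existing table, the function throws before any `INSERT` is built, so the statement can no longer fail with the syntax error near `(descrizione, data, entrata, uscita)` quoted in the question.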