1

I am trying to insert values in database but getting the following error

Error: insert into lead (Name,phone,dob,height,weight,source,city,area,address,status,preferred_mode_of_contact,email,email_verified,style,number_of_classes_per_week,days_of_week,time_start,time_end,duration,start_date,description,preferred_trainer_type,price_per_class,price_per_month,call) value ('','','','','','Source 1','','','','','phone','','0','','1','0','','','','','','','','','2015-07-16')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'call) value ('','','','','','Source 1','','','','','phone','','0','','1','0',''' at line 1

I have checked I am passing correct number of values no extra column no extra value.The column "call' is of date data type.When I remove "call" from insert query it works fine

Below is the query

$sql="insert into lead (Name,phone,dob,height,weight,source,city,area,address,status,preferred_mode_of_contact,email,email_verified,style,number_of_classes_per_week,days_of_week,time_start,time_end,duration,start_date,description,preferred_trainer_type,price_per_class,price_per_month,call)
value ('$name','$phone','".$dob."','$Height','$Weight','$Source','$City','$Area','$Address','$Status','$preferred_mode_of_con','$email','$email_verify','$style','$noc','$day','$time_from','$time_to','$duration','".$ts."','$des','$ptt','$price','$price_month','".$call."')";

if (mysqli_query($conn, $sql))
        echo "User registered Sucessfully";
    else
        echo "Error: " . $sql . "<br>" . mysqli_error($conn);
            echo '<br><a href="lead_reg.php">Click Here to go back</a></h3>';
Legendary_Hunter
  • 1,040
  • 2
  • 10
  • 29
  • What `var_dump($call);` outputs? – D4V1D Jul 29 '15 at 08:51
  • possible duplicate of [How do I escape reserved words used as column names? MySQL/Create Table](http://stackoverflow.com/questions/2889871/how-do-i-escape-reserved-words-used-as-column-names-mysql-create-table) – Sougata Bose Jul 29 '15 at 08:55
  • This code smells of potential [SQL Injection](https://en.wikipedia.org/wiki/SQL_injection). – Phylogenesis Jul 29 '15 at 08:56

2 Answers2

4

Because CALL is a reserved word, you need to enclose it in backquotes (`) if you want to use it as a column name. This is the correct form of your query:

$sql="insert into lead (Name,phone,dob,height,weight,source,city,area,address,status,preferred_mode_of_contact,email,email_verified,style,number_of_classes_per_week,days_of_week,time_start,time_end,duration,start_date,description,preferred_trainer_type,price_per_class,price_per_month,`call`) ".
     "value ('$name','$phone','".$dob."','$Height','$Weight','$Source','$City','$Area','$Address','$Status','$preferred_mode_of_con','$email','$email_verify','$style','$noc','$day','$time_from','$time_to','$duration','".$ts."','$des','$ptt','$price','$price_month','".$call."')";

P.S. I'm not sure why you are treating certain variables like $dob differently. You can just use the same syntax as for $name.

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
2

I modified your sql. In your sql problem is call.It will work.

$sql="insert into lead (Name,phone,dob,height,weight,source,city,area,address,status,preferred_mode_of_contact,email,email_verified,style,number_of_classes_per_week,days_of_week,time_start,time_end,duration,start_date,description,preferred_trainer_type,price_per_class,price_per_month,`call`)
values ('$name','$phone','".$dob."','$Height','$Weight','$Source','$City','$Area','$Address','$Status','$preferred_mode_of_con','$email','$email_verify','$style','$noc','$day','$time_from','$time_to','$duration','".$ts."','$des','$ptt','$price','$price_month','".$call."')";

Thank you

Venkatesh Panabaka
  • 2,064
  • 4
  • 19
  • 27