Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:/... on line 10

Question

<?php 

$name=$_POST['name'];
$telephone=$_POST['telephone'];
$comment=$_POST['comment'];
$conn= mysql_connect("localhost","root","");

mysql_select_db("comments",$conn);

$sql= "INSERT INTO inside VALUES{($_POST['name']),($_POST['telephone']),($_POST['comment'])}";

if(mysql_query($sql,$conn))
{
echo 'record added';
}
else
{
echo 'error';
}
?>

I don't know what is the error in line 10, line 10 is:

$sql= "INSERT INTO inside VALUES{($_POST['name']),($_POST['telephone']),($_POST['comment'])}";

My database name is comments and table name is inside, and also sometimes when I finished this I got the result as 'error' I think it comes from the line 18. can you please tell me how to solve this, I'am fed of this!

score 1 · Accepted Answer · edited May 23 '17 at 12:06

You have syntax errors in your query. You need to have the curley brackets around every $_POST in your query, and your query should be ... VALUE (....)

change -

$sql= "INSERT INTO inside VALUES{($_POST['name']),($_POST['telephone']),($_POST['comment'])}";

to

$sql= "INSERT INTO inside VALUES ( {$_POST['name']}, {$_POST['telephone']},{$_POST['comment']})";

see
http://dev.mysql.com/doc/refman/5.6/en/insert.html
and
http://php.net/manual/en/language.types.string.php#language.types.string.parsing.complex

also, you should not be inserting user data directly into your database. take a look at
How can I prevent SQL injection in PHP?

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:/... on line 10

1 Answers1