0

Whenever i enter my details and submit the query give me an error

INSERT INTO `temp_user_detail` (`email`, `username`, `profession`, 
`experience`, `current_work`, `state`, `job_type`, `about`, `college`, 
`diploma`, `department`, `looking`) VALUES 
('mailmeabhishek95@gmail.com', 'abhinift2014', 'nj', 'Less than 2 
years', 'Home', 'Kerala', 'Fixed Term', 'hii', 'Arch Academy Of Design', 
'Bachelor's Of Fashion Technology', 'Lifestyle Design', 'Work')You have 
an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near 's Of Fashion 
Technology', 'Lifestyle Design', 'Work')' at line 1

here is the php part

 $hi= "INSERT INTO `temp_user_detail` (`email`, `username`, 
 `profession`, `experience`, `current_work`, `state`, `job_type`, 
 `about`, `college`, `diploma`, `department`, `looking`) VALUES 
('$email', '$userid1', '$profession', '$experience', '$current', 
'$state', '$jobtype', '$about', '$college', '$diploma', '$depart', 
'$looking')";
$run=mysql_query($hi)
or die(mysql_error());
abhishek
  • 11
  • 1
  • 5
  • 3
    What is wrong with this input `'Bachelor's Of Fashion Technology'`? That is why you need to escape your input. And best use Prepared Statements – juergen d Oct 30 '15 at 19:04
  • use `'Bachelor\'s Of Fashion Technology'`, you can read about it in google why it is showing you that error – samayo Oct 30 '15 at 19:05
  • you should escape your params/variables with `mysql_real_escape_string` – tino.codes Oct 30 '15 at 19:05
  • sorry but i didn't get you... @juergend – abhishek Oct 30 '15 at 19:05
  • Quotes end your string. if you have them in your input, then the syntax is all messed up. Look the at color highlighting in your question. – juergen d Oct 30 '15 at 19:06
  • @abhishek: I assume you're learning PHP. Here's some advice: stop using mysql_* functions. They're deprecated. Learn mysqli. Also google about prepared statements. They make it a *lot* easier. – Amal Murali Oct 30 '15 at 19:07
  • @abhishek please read for 5 minutes before you ask such very simple 'questions;. You should escape the `'`, because in here `'Arch Academy Of Design', 'Bachelor's Of Fashion Technology', ` your database thinks, ` 'Bachelor's Of Fashion Technology'` is 2 values. – samayo Oct 30 '15 at 19:07

2 Answers2

1

mysql is deprecated and you should use mysqli instead.

Whenever i enter my details and submit the query give me an error

You need to escape the single quote of $diploma Bachelor's<- here. You can use mysql_real_escape_string for that, i.e.:

$diploma = mysql_real_escape_string($diploma);

For mysqli use:

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
...
$diploma = $mysqli->real_escape_string($diploma);
...

Here's some examples

Pedro Lobito
  • 94,083
  • 31
  • 258
  • 268
0

Use this PHP function for your variables:

$email = mysql_real_escape_string($email);
$userid1 = mysql_real_escape_string($userid1);

... and 

$hi= "INSERT INTO `temp_user_detail` (`email`, `username`, 
 `profession`, `experience`, `current_work`, `state`, `job_type`, 
 `about`, `college`, `diploma`, `department`, `looking`) VALUES 
($email, $userid1, $profession, $experience, $current, 
$state, $jobtype, $about, $college, $diploma, $depart, $looking)";
Max
  • 711
  • 5
  • 13