You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use nea

Question

I get this error //ERROR

ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('','','' ,'','')' at line 1

PHP

<?php

    $servername = 'mysql.hostinger.in';
    $username = '';
    $password = '';
    $dbname = 'u424351292_icrcm';

    if(isset($_POST['submit']))
    {
        $phone_no = $_POST['phno'];
        $full_name = $_POST['fullname'];
        $location = $_POST['address'];
        $department = $_POST['dept'];
        $description = $_POST['desc'];
    }

        $conn = new mysqli($servername,$username,$password,$dbname);

        if($conn->connect_error)
        {
            die("Connection Failed" . $conn->connect_error);
        }

        $sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc)  VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";

        if($conn->query($sql) === TRUE)
        {
            echo "Complaint Registered";
        }
        else
        {
            echo "ERROR".$sql."<br>".$conn->error;
        }

    $conn->close();
    ?>

//ERROR

ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('','','' ,'','')' at line 1

Desc is a reserved keyword, you should escape it – Fabio Dec 16 '15 at 20:16 — Fabio, Dec 16 '15 at 20:16

score 2 · Answer 1 · answered Dec 16 '15 at 20:16

desc is a reserved keyword in MySQL and needs to be escaped by backticks.

INSERT INTO new_comp_reg (..., `desc`)  VALUES (...)

or change your column name to description for instance.

BTW you are not escaping your user input which could lead to syntax errors and SQL injections. Use Prepared Statements.

score 0 · Answer 2 · answered Nov 22 '16 at 06:03

if(isset($_POST['submit']))
{
    $phone_no = $_POST['phno'];
    $full_name = $_POST['fullname'];
    $location = $_POST['address'];
    $department = $_POST['dept'];
    $description = $_POST['desc'];
}

    $conn = new mysqli($servername,$username,$password,$dbname);

    if($conn->connect_error)
    {
        die("Connection Failed" . $conn->connect_error);
    }

    $sql = "INSERT INTO new_comp_reg VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";

    if($conn->query($sql) === TRUE)
    {
        echo "Complaint Registered";`enter code here`
    }
    else
    {
        echo "ERROR".$sql."<br>".$conn->error;
    }

$conn->close();
?>

score -1 · Answer 3 · answered Dec 16 '15 at 20:32

-1

I would say that it is

$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc)  VALUES ('".mysql_real_escape_string($phone_no)."' , '".mysql_real_escape_string($full_name)"' , '".mysql_real_escape_string($location)"' , '".mysql_real_escape_string($department)"' , '".mysql_real_escape_string($description)"')";

This would actually improve your protection. Also check your column name as sad above it might be that you referenced one wrong.

answered Dec 16 '15 at 20:32

mattrasman

1
1
4

This answer doesn't solve the problem and on top of that suggest a use of deprecated API. **Do not USE THIS!** – Dharman Dec 05 '19 at 18:11

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use nea

3 Answers3

Linked