1

Error: INSERT INTO grocery ('GrocerID', 'GrocerName', 'Address', 'LogoImage') VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG') You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''GrocerID', 'GrocerName', 'Address', 'LogoImage') VALUES ('GID0072', 'BigBazaar' at line 1

    <?php
    $servername = "localhost";
    $username = "root";
    $password = "secret";
    $dbname = "task";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);

    $GrocerID=$_POST['GrocerID'];
    $GrocerName=$_POST['GrocerName'];
    $Address=$_POST['Address'];
    $LogoImage=$_POST['LogoImage'];

    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    $sql = "INSERT INTO grocery ('GrocerID', 'GrocerName', 'Address', 'LogoImage')
    VALUES ('$GrocerID', '$GrocerName','$Address','$LogoImage')";

    if ($conn->query($sql) === TRUE) {
        header('Location:task.html');
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }

    $conn->close();
    ?>

Data Base image

Can someone please tell me what mistake I'm making here?

I have used database name: task, table name: grocery. But I'm not able to understand where I'm making the mistake.

Thank you

Saty

3 Answers

1

Do not write column names in '' quotes; use backticks ``

    INSERT INTO grocery
    (GrocerID, GrocerName, Address, LogoImage)
    VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG')

Abhishek Sharma
1

Either Remove '

    INSERT INTO grocery
    (GrocerID, GrocerName, Address, LogoImage)
    VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG')

OR

Replace ' with ` (backtick)

[NOTE: You can find backtick below Esc key in keyboard]

    INSERT INTO grocery
    (`GrocerID`, `GrocerName`, `Address`, `LogoImage`)
    VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG')

Also, use real_escape_string() to prevent SQL injection attacks.

PHP provides real_escape_string() to escape special characters in a string before sending a query to MySQL. This function was adopted by many to escape single quotes in strings and, at the same time, to prevent SQL injection attacks. However, it can create serious security flaws when it is not used correctly.

    $GrocerName = $conn->real_escape_string($_POST['GrocerName']);
    $Address = $conn->real_escape_string($_POST['Address']);
    $LogoImage = $conn->real_escape_string($_POST['LogoImage']);

Nana Partykar
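The answer above warns that real_escape_string() is easy to misuse; a parameterized query avoids that by keeping the POST values out of the SQL text altogether. This is an added example, not part of the original question or answers: it reuses the question's connection settings and `grocery` table, and the helper name `insert_grocer()` is hypothetical.

```php
<?php
// Added example: parameterized INSERT for the question's `grocery` table.
// Connection settings come from the question; insert_grocer() is a
// hypothetical helper name.

// Make mysqli throw exceptions instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_grocer(mysqli $conn, array $input): void
{
    $fields = ['GrocerID', 'GrocerName', 'Address', 'LogoImage'];
    $values = [];
    foreach ($fields as $field) {
        // Reject missing or non-string input (e.g. GrocerID[]=x arrays).
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("Missing field: $field");
        }
        $values[] = $input[$field];
    }

    // Column names take backticks (or no quotes); values are ? placeholders,
    // so user input is sent as data and never parsed as SQL.
    $stmt = $conn->prepare(
        'INSERT INTO grocery (`GrocerID`, `GrocerName`, `Address`, `LogoImage`)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', ...$values);
    $stmt->execute();
    $stmt->close();
}

try {
    $conn = new mysqli('localhost', 'root', 'secret', 'task');
    $conn->set_charset('utf8mb4');
    insert_grocer($conn, $_POST);
    $conn->close();
    header('Location: task.html');
    exit;
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid form data.';
} catch (mysqli_sql_exception $e) {
    // Log details server-side; do not echo the SQL or driver error to the client.
    error_log('grocery insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Could not save the record.';
}
```

Unlike the question's `echo "Error: " . $sql`, the failure path here writes the driver message to the server log only, so the statement and schema details are not shown to the visitor.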
0

    $sql = "INSERT INTO grocery (`GrocerID`, `GrocerName`, `Address`, `LogoImage`)
            VALUES ('$GrocerID', '$GrocerName','$Address','$LogoImage')";

Do not use quotes for column_name.

Shahzad Barkati
Shailesh Katarmal