-1
$ProjectName = $_POST['ProjectName'];
$ProjectModule = $_POST['ProjectModule'];
$ProjectDescription = $_POST['ProjectDescription'];

$sql = "INSERT INTO database (ProjectName,ProjectModule,ProjectDescription) VALUES (". mysql_real_escape_string($ProjectName) .",".mysql_real_escape_string($ProjectModule).",".mysql_real_escape_string($ProjectDescription).")";

I'm facing below error.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'database (ProjectName,ProjectModule,ProjectDescription) VALUES (sankaran,sankar' at line 1

What's the solution please say me

Arivananth Krishnamoorthy
  • 1
  • Are you kidding me, you have a table name called `database` ? Check the manual for mysql reserved keywords. – Abhik Chakraborty May 26 '16 at 10:04
  • 1
    `database` is a keyword in SQL. either change your table name to another or try using backtick(`) to wrap table name – Ali May 26 '16 at 10:05
  • \`database\` instead of database – Stan May 26 '16 at 10:06
  • **Warning**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) which has been **removed** entirely from the latest version of PHP. You should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). – Quentin May 26 '16 at 10:06
  • You should really name your table something other than ````database```` as has already been pointed out (or escape it) but if you get a syntax error in the SQL query then look at the query. Just do a ````echo $sql;```` and you will see that your query is built together without any quotes around the strings. I urge you to read up on your SQL and PHP MySQL before proceeding with building an application. – kb. May 26 '16 at 10:06

1 Answers1

1

database is a reserved keyword in MySQL and needs to be escaped by backticks.

Actually you should rename your table since database says nothing about the content of a table.

juergen d
  • 201,996
  • 37
  • 293
  • 362