-2

I'm taking data in a form and passing it using POST method and trying to insert the data in my database. I'm using this code:

<?php
$servername = "";
$username = "";
$password = "";
$dbname = "";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
    } 

if(isset($_POST['submit'])){ 
$leadExecSPOC = $_POST['leadExecSPOC'];
$leadExecVertFin = $_POST['leadExecVertFin'];
$leadGenPerson = $_POST['leadGenPerson'];
$leadGenVert = $_POST['leadGenVert'];
$leadGenVertOther = $_POST['leadGenOther'];
$leadExecPerson = $_POST['leadExecPerson'];
$leadExecVert = $_POST['leadExecVert'];
$leadExecVertOther = $_POST['leadExecOther'];
$periodStart = $_POST['periodStart'];
$periodEnd = $_POST['periodEnd'];
$custName = $_POST['custName'];
$sales = $_POST['sales'];
$gp = $_POST['gp'];
$invoiceGenDate = $_POST['invoiceGenDate'];
$dateReceiptAmt = $_POST['dateReceiptAmt'];

$sql = "INSERT INTO cross(leadExecSPOC, leadExecVertFin, leadGenPerson, leadGenVert, leadGenVertOther, leadExecPerson, leadExecVert, leadExecVertOther, periodStart, periodEnd, custName, sales, gp, invoiceGenDate, dateReceiptAmt) VALUES ('$leadExecSPOC', '$leadExecVertFin', '$leadGenPerson', '$leadGenVert', '$leadGenVertOther', '$leadExecPerson', '$leadExecVert', '$leadExecVertOther', '$periodStart', '$periodEnd', '$custName', '$sales', '$gp', '$invoiceGenDate', '$dateReceiptAmt')";

if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}

}
$conn->close();
?>

And whenever I run it, I get this error:

Error: INSERT INTO cross(leadExecSPOC, leadExecVertFin, leadGenPerson, leadGenVert, leadGenVertOther, leadExecPerson, leadExecVert, leadExecVertOther, periodStart, periodEnd, custName, sales, gp, invoiceGenDate, dateReceiptAmt) VALUES ('a', 'a', 'a', 'acci-ff-cha', 'a', 'a', 'acci-ff-cha', 'a', '2016-05-03', '2016-05-18', 'a', '1', '1', '2016-05-24', '2016-05-17') You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'cross(leadExecSPOC, leadExecVertFin, leadGenPerson, leadGenVert, `leadGe' at line 1

MySQL version: 5.6.27-76.0

PHP version: 5.4.45

PS: Already tried using back-ticks for column names.

Idhanta Kakkar
  • 19
  • 4
  • Please find a proper title, unsless you don't want attract downvotes or risk a close – pguetschow May 30 '16 at 18:20
  • 1
    `right syntax to use near 'cross` - It was telling you where that error was. – Funk Forty Niner May 30 '16 at 18:26
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman May 30 '16 at 19:29

2 Answers2

2

cross is reserved word in mysql

https://dev.mysql.com/doc/refman/5.5/en/keywords.html

and you should'n use it. If you have to, you must QUOTE it - see my link

nospor
  • 4,190
  • 1
  • 16
  • 25
0

Correct the query syntax

INSERT INTO `cross` (`leadExecSPOC`, `leadExecVertFin`, `leadGenPerson`, `leadGenVert`, `leadGenVertOther`, `leadExecPerson`, leadExecVert, leadExecVertOther, `periodStart`, periodEnd, custName, `sales`, `gp`, invoiceGenDate, dateReceiptAmt) VALUES ('$leadExecSPOC', '$leadExecVertFin', '$leadGenPerson', '$leadGenVert', '$leadGenVertOther', '$leadExecPerson', '$leadExecVert', '$leadExecVertOther', '$periodStart', '$periodEnd', '$custName', '$sales', '$gp', '$invoiceGenDate', '$dateReceiptAmt')";
Aditya
  • 861
  • 5
  • 8