2

I am unable to find any error shown, but for some reason there is still an issue entering data into my table using SQL. I am new to coding and am not really sure what the issue is. I am sure that everything that needs to be passed and given is done, but the MySQL query is where it goes wrong and I am not able to understand why. Could someone please help me out?

```php
<?php
session_start();
$conb = mysqli_connect("127.0.0.1","root","","demo");
$sellmail = $_SESSION['sellermaill'];
$buyermail = $_POST['email'];
$bid = $_POST["bid"];
$title = $_SESSION["Titleofp"];
echo"$sellmail";
echo"$buyermail";
echo"$bid";
echo"$title";
$mysqlbuy = "INSERT INTO buyer (Seller Mail,Buyer Mail,Bid,Product Title) VALUES ('$sellmail','$buyermail','$bid','$title')";
$mysqlsellq = mysqli_query($conb,$mysqlbuy);
if(!$mysqlsellq)
    {echo "Your Bid has not been saved ";}
else echo "Your Bid has been Saved ";

?>
```

Error

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Mail,Seller Mail,Product Title,Bid) VALUES ('rao.7@gmail.com','rsk101295@gmail.c' at line 1

Nana Partykar
  • Can you add output of codes or error codes to your answer ? – Ivan Barayev Jun 10 '16 at 17:40
  • Check your error with `mysqli_error($conb);` – Felippe Duarte Jun 10 '16 at 17:41
  • I used the error function. This is what I'm getting: "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Mail,Seller Mail,Product Title,Bid) VALUES ('rao.7@gmail.com','rsk101295@gmail.c' at line 1" – Ritesh Kumar Jun 10 '16 at 17:48
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 10 '16 at 17:51
  • Have you checked your error logs? You're making an assumption the query is working. Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Jun 10 '16 at 17:52

1 Answer

0

(I) Change your column names in the database table:

1) Seller Mail to Seller_Mail

2) Buyer Mail to Buyer_Mail

3) Product Title to Product_Title

Then insert

```php
$mysqlbuy = "INSERT INTO buyer (Seller_Mail,Buyer_Mail,Bid,Product_Title) VALUES ('$sellmail','$buyermail','$bid','$title')";
```

Embedded spaces or special characters are NOT ALLOWED in column names.

For more info, click Characters that are not allowed in table name & column name

OR

(II)

If you don't want to put underscores in the column names or don't want to modify your column names, use it like this (use backticks to enclose the column names). But make sure you follow the naming conventions for column names.

```php
$mysqlbuy = "INSERT INTO buyer (`Seller Mail`,`Buyer Mail`,`Bid`,`Product Title`) VALUES ('$sellmail','$buyermail','$bid','$title')";
```

For more info, please click How to select a column name with space between in mysql

Find Backtick in Keyboard:

enter image description here

Community
Nana Partykar
  • 1
    This is a question regarding MySQL (MariaDB) - http://stackoverflow.com/a/14190833/5102087, not MSSQL in which case these rules apply. – vsharper Jun 10 '16 at 18:08
  • 1
    Spaces in column names are super annoying to deal with and are best avoided. – tadman Jun 10 '16 at 18:57
  • 1
    Nana Partykar, thanks a lot. The spaces were the problem, so I removed them and it started working. Appreciate it a lot :) – Ritesh Kumar Jun 11 '16 at 06:46
  • @RiteshKumar: If this answer helped you, then please don't forget to mark my answer as the correct answer, as it will help other users find this answer easily. – Nana Partykar Jun 11 '16 at 10:06
  • 1
    Special thanks for showing where exactly is the backtick – Aatif Akhter Jun 13 '16 at 12:25
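The backtick-quoted INSERT from option (II), combined with the prepared-statement and error-reporting advice given in the comments on the question. This is an added example, not code from the question or the answer: `save_bid` is a hypothetical helper, and the database, table, column and session/POST key names are the ones shown in the question.

```php
<?php
// Added example. Assumes the `demo` database and `buyer` table from the
// question, with the original column names (spaces kept, backtick-quoted).
declare(strict_types=1);

// Make mysqli throw on failure, so a syntax error surfaces as an exception
// instead of a silent `false` from the query call.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Hypothetical helper (not from the page): insert one bid with bound values. */
function save_bid(mysqli $db, string $seller, string $buyer, string $bid, string $title): void
{
    // Reject input that cannot be a valid row before it reaches the database.
    if (filter_var($buyer, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Buyer e-mail is not valid');
    }
    if (!is_numeric($bid) || (float)$bid <= 0) {
        throw new InvalidArgumentException('Bid must be a positive number');
    }
    // Identifiers are fixed text in the statement; only the four values vary,
    // and they are sent separately from the SQL through the ? placeholders.
    $stmt = $db->prepare(
        'INSERT INTO buyer (`Seller Mail`, `Buyer Mail`, `Bid`, `Product Title`)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $seller, $buyer, $bid, $title);
    $stmt->execute();
    $stmt->close();
}

session_start();
try {
    $conb = new mysqli('127.0.0.1', 'root', '', 'demo');
    save_bid(
        $conb,
        (string)($_SESSION['sellermaill'] ?? ''),
        (string)($_POST['email'] ?? ''),
        (string)($_POST['bid'] ?? ''),
        (string)($_SESSION['Titleofp'] ?? '')
    );
    echo 'Your Bid has been Saved';
} catch (InvalidArgumentException $e) {
    echo 'Your Bid has not been saved: ' . htmlspecialchars($e->getMessage());
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // full SQL error goes to the log, not the browser
    echo 'Your Bid has not been saved';
}
```

Placeholders can stand in only for values, never for table or column names, which is why the backtick-quoted identifiers stay as literal text in the statement.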