-1
<?php
$con=mysql_connect('localhost', '   ', '    ') ;
$db=mysql_select_db('    ') ;
$name=$_POST['name'];
$email=$_POST['email'];
$mobile=$_POST'mobile'];
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO user (name, email, mobile)
VALUES ('$name', '$email', '$mobile')";
if ($con->query($sql) === TRUE) 
{
echo "New record created successfully";
} 
else{
    echo "Error: " . $sql . "<br>" . $con->error;
}
$con->close();
?>`

i am trying to insert data into my table but it throwing a error help me to solve this problem .

my error:

syntax error, unexpected ''mobile'' (T_CONSTANT_ENCAPSED_STRING)
charan
  • 1
  • 4

1 Answers1

1

This is suppposed to be a comment, but i have a low reputation here.

Before i answer your question, please do not use the mysql functions as its no longer supported . Consider a switch to either MYSQLI or PDO. Also, do not trust user input. Meaning do not directly post field values from your form to your database as an attcker can easily exploit it by adding funny javascripts or worse. It wont work because, you forgot to open the square brackets,

$mobile = $_POST['mobile'];

To your question, try this:

  $sql = "INSERT INTO user (`name`, `email`, `mobile`)VALUES 
 ('".mysqli_real_escape_string($con,$_POST['name'])."', 
 '".mysqli_real_escape_string($con,$_POST['email'])."', 
 '".mysqli_real_escape_string($con,$_POST['mobile'])."')";

where the variable $conn is your database connection

Rotimi
  • 4,783
  • 4
  • 18
  • 27