1

I’m trying to insert data into a certain table, which doesn’t work. Using the same code to insert into other tables work:

$sql = "INSERT INTO projects (name, desc) VALUES ('$name', '$desc')";

if($this->conn->query($sql) !== true)
{
    echo(mysqli_error($this->model->conn));
}

When using it on the table I wish to insert data into (projects), it informs me with the following:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('das', 'das')' at line...

On the other hand, using the same code--modifying it a slight bit:

$sql = "INSERT INTO users (forename, surname) VALUES ('$name', '$desc')";

This successfully inserts $name and $desc into the users table.

Both forename and surname in the users table, have the same types as name and desc in the projects table. The database is connected to in the “usual” way, using the object oriented version of PHP’s MySQL.

It would appear to me as though I’m not doing anything wrong. Perhaps someone has experienced something similar at some point and thus can point me in the right direction?

D. Ataro
  • 1,711
  • 17
  • 38
  • at a time you are trying to insert the data in both tables? – Soniya Basireddy Feb 10 '17 at 04:50
  • @D.Ataro Mention your projects table structure – Kishan Patel Feb 10 '17 at 04:50
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Feb 10 '17 at 04:54

2 Answers2

4

I believe the issue here is your table name desc, which is a reserved MySQL keyword. See:

https://dev.mysql.com/doc/refman/5.7/en/keywords.html

Wrapping it in back ticks may work:

(name, `desc`)

When to use single quotes, double quotes, and backticks in MySQL

But I would recommend changing your table name.

Community
  • 1
  • 1
Kaylined
  • 655
  • 6
  • 15
-2

Try this:

$sql = "INSERT INTO 'projects' ('name', 'desc') VALUES ('$name', '$desc');";

This would ensure all reserved keywords are interpreted correctly, not that I see any particular keyword.

George Jones
  • 245
  • 2
  • 11