read the input name as a row in the database table

Question

when i try to add a new studio in my php application in this example i use newstudio as a name i get this error i think that it read the name i give as a row in the database table Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42S22]: Column not found: 1054 Champ 'newstudio' inconnu dans field list'

private $conn;

public function __construct()
{
    $database = new Database();
    $db = $database->dbConnection();
    $this->conn = $db;
}
public function addStudio($sname,$sdes,$sidusr)
{
    $stmt = $this->conn->prepare("INSERT INTO studio (name,des,idusr) VALUES ($sname,$sdes, $sidusr)");
    $stmt->execute();
}

Answer 1

if you have string value you should use single quote around these vars

public function addStudio($sname,$sdes,$sidusr)
{
    $stmt = $this->conn->prepare("INSERT INTO studio (name,des,idusr)
          VALUES ('$sname','$sdes', '$sidusr')");
$stmt->execute();
}

or you could use a parametrized query

public function addStudio($sname,$sdes,$sidusr)
{
    $stmt = $this->conn->prepare("INSERT INTO studio (name,des,idusr)
          VALUES (:sname,:sdes, ':sidusr)");
    $stmt->bindParam(':sname', $sname);
    $stmt->bindParam(':sdes', $sdes);
    $stmt->bindParam(':sidusr', $sidusr);

    $stmt->execute();
}

Answer 2

Values require a ' wrapped around it, but don't add it yourself. You are already using prepare(), make use of it.

public function addStudio($sname,$sdes,$sidusr){
  $stmt = $this->conn->prepare("INSERT INTO studio (name,des,idusr) VALUES (?,?,?)");
  $stmt->execute([$sname, $sdes, $sidusr]);
}

Also, you should actually check the value of $stmt and verify if execute() did its job correctly.