0

I'm trying to add data into my database using the data that the user inputs into an HTML form. Here's my code:

<?php

error_reporting(E_ALL);

$conn = new mysqli(/* private infos hidden on stackoverflow */);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

if(isset($_POST['submitButton'])) {

    $getName = $_POST['name'];

    $query = "INSERT INTO data ('name') VALUES ('$getName')";

    if ($conn->query($query) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $query . "<br>" . $conn->error;
    }

    $conn->close();
}
?>

<html>

<form method="post">
    Name: <input type="text" name="name"><br>
    <input type="submit" name="submitButton">
</form>

</html>

I get this error:

Error: INSERT INTO data ('name') VALUES ('', '', '', '', '')

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''name') VALU' at line 1

**WHAT I ALREADY TRIED:**

  • "INSERT INTO data ('name') VALUES ('$getName')";

  • "INSERT INTO data ('name') VALUES ($getName)";

  • "INSERT INTO data (name) VALUES ('$getName')";

  • "INSERT INTO 'data' ('name') VALUES ('$getName')";

  • "INSERT INTO data (name) VALUES ($getName)";

  • "INSERT INTO data (name) VALUES '$getName'";

Thanks for any help, guys.

Community
Michael
  • Since you are just learning, you might want to start with prepared statements now (before you learn the wrong way to run queries and need to re-learn it). The way you are trying to run a query is *extremely* unsafe and is just asking for SQL injection attacks. See: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php See also: http://bobby-tables.com/ – gen_Eric Mar 28 '17 at 16:38
  • Why does your error message show `VALUES ('', '', '', '', '')`? What *exactly* are you entering into this input field? If you are just entering in a name, then this error makes no sense! – gen_Eric Mar 28 '17 at 16:41
  • Name is a reserved word. Use backticks – Rotimi Mar 28 '17 at 16:43
  • It's just a keyword, not a reserved one, so ticks aren't needed. But doesn't hurt either! – Qirel Mar 28 '17 at 16:56
  • *"Name is a reserved word. Use backticks"* - No, `name` is not a reserved word, it's a "keyword" - https://dev.mysql.com/doc/refman/5.7/en/keywords.html - Two different animals here. – Funk Forty Niner Mar 28 '17 at 19:58
  • As @RocketHazmat stated; for what you posted for code and the error, "it never happened". – Funk Forty Niner Mar 28 '17 at 20:09
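
The prepared-statement approach recommended in the comments above, with the identifiers left unquoted or in backticks rather than single quotes, as an added example that is not code from the question or from any answer. The `DB_*` environment variables, the 255-byte length limit and the `insertName` helper are assumptions made for illustration.

```php
<?php
// Added example (hypothetical rewrite of the question's handler).
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insertName(mysqli $conn, string $name): void
{
    // Identifiers are bare or in backticks; single quotes would turn them
    // into string literals, which is what caused the syntax error.
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $conn->prepare('INSERT INTO `data` (`name`) VALUES (?)');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->close();
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submitButton'])) {
    $raw  = $_POST['name'] ?? '';
    $name = is_string($raw) ? trim($raw) : '';   // reject name[]=... array input
    if ($name === '' || strlen($name) > 255) {   // 255 bytes: assumed column size
        $message = 'Please enter a name of 1 to 255 bytes.';
    } else {
        try {
            // Connection settings are placeholders read from the environment.
            $conn = new mysqli(getenv('DB_HOST'), getenv('DB_USER'),
                               getenv('DB_PASS'), getenv('DB_NAME'));
            $conn->set_charset('utf8mb4');
            insertName($conn, $name);
            $conn->close();
            $message = 'New record created successfully';
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage());   // details go to the server log only
            $message = 'Could not save the record.';
        }
    }
}
?>
<html>
<body>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
    Name: <input type="text" name="name" maxlength="255"><br>
    <input type="submit" name="submitButton">
</form>
</body>
</html>
```

Unlike the original handler, this version does not echo the query text or `$conn->error` back to the browser, so database details stay out of the response.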

3 Answers

0

Should work fine:

$query = "INSERT INTO `data` (`name`) VALUES ('$getName')";

Edit: Forgot about the backticks around data keyword.

Hienz
  • *"Forgot about the backticks around data keyword."* - They're only a "keyword" and not a reserved word - https://dev.mysql.com/doc/refman/5.7/en/keywords.html - So there's no need to tick that. They had regular quotes rather than ticks or none at all. – Funk Forty Niner Mar 28 '17 at 19:56
-1

Or

INSERT INTO data (name)

Or

INSERT INTO data (`name`)

upd.: The words "name" and "data" are reserved in SQL and using them as table and field names is a bad idea.

Lexx918
  • What this answer is trying to say is that the column name (and table name) need to be wrapped in *backticks*, not single quotes. – gen_Eric Mar 28 '17 at 16:42
  • *"The words "name" and "data" are reserved in SQL"* - No they're not reserved words, they're "keywords" - https://dev.mysql.com/doc/refman/5.7/en/keywords.html - Two different animals here. – Funk Forty Niner Mar 28 '17 at 19:55
  • In the context _reserved words_ == _keywords_ (: – Lexx918 Mar 28 '17 at 22:11
-2

INSERT INTO data ('name') VALUES ('', '', '', '', '') -> How many columns do you have in that particular table? 5? If so, you need to look into the doc -> INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)

OldPadawan