error SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax

Question

I have a PHP code, it gets data from HTML form and insert in into SQL table. But I can do this because of error:

Here is my code:

<html>
<?
    $name = $_get['name'] ;
    $mob = $_get['mob'] ;
    $email = $_get['email'] ;

    //config
    $servername = "localhost";
    $username = "lozaair_datam";
    $password = ".8#l2)S3+d%*";
    //end-config

    //db connect
    try {
        $conn = new PDO("mysql:host=$servername;dbname=lozaair_orders", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


        //data input

        $sql = "INSERT INTO `orders` (`name`, `mob`, `email`) VALUES ($name , $mob , $email )";

        $conn->exec($sql);
        //end- data input


        echo "New record created successfully"; 
    }
    catch(PDOException $e)
    {
        echo $sql . "<br>" . $e->getMessage();
    }
    //end- db connect

    //db close
        $conn = null;
    //end- db close
    ?>
</html>

i tried many ways but is not working.

score 1 · Answer 1 · answered Jul 12 '17 at 11:17

1

I think you need to surround your variables with single quotes in your query. Try below one:

$sql = "INSERT INTO `orders`(`name`, `mob`, `email`) VALUES('$name', '$mob', '$email')";

answered Jul 12 '17 at 11:17

Keyur Panchal

1,382
1
10
15

error SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax

1 Answers1