-1

I am trying to make a form which inserts values into a database using PDO

<?php
if(isset($_POST["submit"])){
$hostname='localhost';
$username='kod';
$password='';

try {
    $dbh = new PDO("mysql:host=$hostname;dbname=kod",$username,$password);

    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 


$sql = "INSERT INTO `user` (`OwnerName`, `PhoneNumber`, `EmailId`, `AdharNumber`, `Address`, `OutletName`, `OutletAddress`)
VALUES (`".$_POST[`OwnerName`]."`,
        `".$_POST[`PhoneNumber`]."`,
        `".$_POST[`EmailId`]."`
        `".$_POST[`AdharNumber`]."`,
        `".$_POST[`Address`]."`,
        `".$_POST[`OutletName`]."`,
        `".$_POST[`OutletAddress`]."`,)";


if ($dbh->query($sql)) {
    header("Location: AdminProfile.php ");
     //echo "<script type= 'text/javascript'>alert('New Record Inserted Successfully');</script>";
} 
else{
     echo "<script type= 'text/javascript'>alert('Data not successfully Inserted.');</script>";
}

    $dbh = null;
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }

}
?>

and now I am getting this error

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 8

kindly help

  • Try doing a var_dump() of $sql. It will likely make the error a lot clearer. – Erik Baars Sep 09 '17 at 20:23
  • Also, you should really use a prepared statement, as you're leaving yourself wide open to SQL injections this way – Erik Baars Sep 09 '17 at 20:24
  • "kindly help" as in "I didn't even attempt to have any thoughts on the error message" ? – mario Sep 09 '17 at 20:32
  • @Mario I tried searching for the error. I read almost all the threads and questions yet was unable to solve it; that's why I asked for help – Skyline Geek Sep 09 '17 at 20:34
  • Sure. That would have been relevant information. Btw, the right thing to google for would have been the "`the right syntax to use near ')' `" part. That you haven't found anything is entirely plausible. Which is why those questions are considered "too localized" here. -- Nonetheless an error that's unlikely to materialize with parameter binding. – mario Sep 09 '17 at 20:39

1 Answer

2

Remove the , after $_POST['OutletAddress'] line.

 `".$_POST[`OutletAddress`]."`)";

TIP: use prepared statements to construct your SQL query. It is more efficient, secure & readable.

Deepansh Sachdeva
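The prepared-statement approach recommended in the comments and in the answer, as an added example that is not part of the original posts. It assumes the table, column names and connection values shown in the question; the required-field check and the error handling are choices of this example.

```php
<?php
// Added example: the question's INSERT rewritten with a PDO prepared statement.
// Column names are a fixed list in code, never taken from the request.
$fields = ['OwnerName', 'PhoneNumber', 'EmailId', 'AdharNumber',
           'Address', 'OutletName', 'OutletAddress'];

if (isset($_POST['submit'])) {
    // Collect only the expected fields; reject the request if one is missing.
    $params = [];
    foreach ($fields as $f) {
        if (!isset($_POST[$f]) || !is_string($_POST[$f]) || trim($_POST[$f]) === '') {
            http_response_code(400);
            exit("Missing field: $f");
        }
        $params[":$f"] = trim($_POST[$f]);
    }

    try {
        $dbh = new PDO('mysql:host=localhost;dbname=kod;charset=utf8mb4', 'kod', '', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepares
        ]);

        // Backticks quote identifiers only; every value is a bound placeholder,
        // so user input never becomes part of the SQL text.
        $columns      = '`' . implode('`, `', $fields) . '`';
        $placeholders = ':' . implode(', :', $fields);
        $stmt = $dbh->prepare("INSERT INTO `user` ($columns) VALUES ($placeholders)");
        $stmt->execute($params);

        header('Location: AdminProfile.php');
        exit;
    } catch (PDOException $e) {
        // Log the detail server-side; do not echo driver messages to the browser.
        error_log($e->getMessage());
        http_response_code(500);
        exit('Data not successfully inserted.');
    }
}
```

Because the statement text is built only from the hard-coded `$fields` list, a stray or missing comma between values cannot occur, and quoting of the submitted data is handled by the driver.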