-1

Error: INSERT INTO mydata (name,email,Password) VALUES (ali, hyder@gmail.com,alihyder) You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@gmail.com,alihyder)' at line 2

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mydb";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
if(isset($_POST['register-user'])) {
    $name = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $sql = "INSERT INTO mydata (name,email,Password)
            VALUES ($name, $email,$password)";

    // Run the query once; the result decides which message is shown
    if (mysqli_query($conn, $sql)) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . mysqli_error($conn);
    }

    mysqli_close($conn);


}
Funk Forty Niner
Lucky Boy
  • You need to enclose string values in quotes. Though if you use query parameters instead of executing user input as code then the problem becomes moot. This is a great reference to get you started: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – David Nov 12 '17 at 11:53
  • Do not save the password in plain text, use `password_hash()` for saving and `password_verify()` for checking the password. – Progman Nov 12 '17 at 13:02
  • Can you write an example? Basically, I am a little bit of a beginner, so it is hard to understand what is written. – Lucky Boy Nov 12 '17 at 13:09

1 Answer

1

Instead use mysqli_prepare

$stmt = mysqli_prepare($conn, "INSERT INTO mydata(name,email,Password) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, "sss", $name, $email,$password);
mysqli_stmt_execute($stmt);
Niklesh Raut
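The following is an added example, not code from the question or the answer: it puts the prepared statement from the answer together with the `password_hash()` advice from the comments in one registration handler. The connection values, form field names and the `mydata` table come from the question; the function name `register_user`, the validation rules and the response messages are assumptions.

```php
<?php
// Added example: registration handler with bound parameters and a hashed password.
// Make mysqli throw mysqli_sql_exception instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// register_user() is a hypothetical helper name, not part of the original page.
function register_user(mysqli $conn, string $name, string $email, string $password): bool
{
    // Reject empty or malformed input before touching the database.
    if ($name === '' || $password === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Store a salted hash, never the plain-text password.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // The ? placeholders keep user input out of the SQL text, so values such as
    // hyder@gmail.com need no quoting and cannot change the statement.
    $stmt = mysqli_prepare($conn, "INSERT INTO mydata (name, email, Password) VALUES (?, ?, ?)");
    mysqli_stmt_bind_param($stmt, "sss", $name, $email, $hash);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

if (isset($_POST['register-user'])) {
    // Accept only string fields; an array such as username[]=x becomes ''.
    $field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
    try {
        $conn = mysqli_connect("localhost", "root", "", "mydb");
        mysqli_set_charset($conn, "utf8mb4");
        $ok = register_user($conn, trim($field('username')), trim($field('email')), $field('password'));
        echo $ok ? "New record created successfully"
                 : "Please enter a name, a valid email and a password";
        mysqli_close($conn);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // keep the SQL text and error out of the response
        http_response_code(500);
        echo "Registration failed";
    }
}
```

The `Password` column has to be wide enough for the hash (the PHP manual suggests 255 characters). At login, fetch the stored hash for the email with another prepared statement and check it with `password_verify()`.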