PHP doesn't receive data from html form

Question

Parse error: syntax error, unexpected '"', '"' (T_CONSTANT_ENCAPSED_STRING)

I am trying to insert data from html form to database and I am getting an error

$sql="INSERT INTO shooting VALUES ('".$_POST["name"]"', '".$_POST["date"]"', '".$_POST["time"]"', '".$_POST["status"]')";

**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, May 28 '18 at 18:08

score -2 · Answer 1 · answered May 28 '18 at 17:27

-2

Hi there is issue in your syntax kindly check below.

 $sql="INSERT INTO shooting VALUES ('".$_POST["name"]."', '".$_POST["date"]."', '".$_POST["time"]."', '".$_POST["status"]."')";

And you should use mysql_real_escape_string method to prevent SQL injection.

$date = mysql_real_escape_string($_POST["date"]);

And insert $date variable in database.

answered May 28 '18 at 17:27

Devraj verma

1

Should be using `mysqli_*`. Any `mysql_*` has long been deprecated and completely removed PHP 7+ – Cisco May 28 '18 at 17:30
There would be many suggestion but straight forward there is missing `.` dot – Niklesh Raut May 28 '18 at 17:31
@ Francisco Mateo i just suggested. There is lot of ways for it. So you don't have to rights to down vote my answer if there is not useful then you can down vote otherwise stay same. – Devraj verma May 28 '18 at 17:33
@devraj : I down voted because this doesn't help to solve the problem. – Niklesh Raut May 28 '18 at 17:37
@ C2486 May i know what is issue in my answer? – Devraj verma May 28 '18 at 17:41

1 Answers1