You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's Stone','1','J. K. Rowling','J. K. Rowling','J. K. Rowling','J. K. Rowling','J.' at line 2

CODE:

```php
// Values are interpolated straight into the SQL text, so a quote inside
// $book_title (e.g. "Philosopher's Stone") terminates the string literal early.
mysqli_query($con,"insert into book(book_title,category_id,author,author_2,author_3,author_4,author_5,book_copies,book_pub,publisher_name,isbn,copyright_year,status,book_barcode,book_image,date_added,remarks)
                VALUES('$book_title','$category_id','$author','$author_2','$author_3','$author_4','$author_5','$book_copies','$book_pub','$publisher_name','$isbn','$copyright_year','$status','$gen','$book_image',NOW(),'$remark')")or die(mysqli_error($con));
```
  • Never concatenate SQL strings. Use parameters and this problem as well as lots of security issues will disappear. – Sami Kuhmonen Jul 04 '18 at 04:29
  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Mike Jul 04 '18 at 04:29
  • You need to sue the pants off whoever taught you how to database in PHP. – Ignacio Vazquez-Abrams Jul 04 '18 at 04:40
  • Looks like you're inserting `philosopher's stone` and the quote in it is interfering with the quotes in the SQL. Which is why using prepared statements will solve the problem and a few others. – Nigel Ren Jul 04 '18 at 05:43

1 Answer

Your parameters expand to values that have single quotes that break the syntax. Use prepared statements to prevent this (and other bad things) from happening.

Here's an example of how it could be done (copied mostly from these examples):

```php
// 16 placeholders (15 before NOW(), one after) for the 16 PHP variables;
// the column list and date_added stay fixed in the SQL text.
if ($stmt = mysqli_prepare($con, "insert into book(book_title,category_id,author,author_2,author_3,author_4,author_5,book_copies,book_pub,publisher_name,isbn,copyright_year,status,book_barcode,book_image,date_added,remarks) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,NOW(),?)")) {
    // One type character per bound variable: 's' = string, 'd' = numeric.
    // The type string must be exactly 16 characters long to match the 16 variables.
    mysqli_stmt_bind_param($stmt, "sdsssssddssdssss", $book_title,$category_id,$author,$author_2,$author_3,$author_4,$author_5,$book_copies,$book_pub,$publisher_name,$isbn,$copyright_year,$status,$gen,$book_image,$remark);
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);
} else {
    die(mysqli_error($con));
}
```
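As an added example (not part of the answer or the question), the same insert wrapped in a helper that builds the placeholder list from a fixed column map, checks that the bind type string matches the number of values, and raises on failure instead of `die()`. It assumes `$con` is an open `mysqli` connection and the column names from the question; which columns are integers is a guess, since the page does not say.

```php
<?php
// Added example (not from the question or answer): insert a book through a mysqli
// prepared statement so a title such as "Philosopher's Stone" travels as data, never
// as SQL text. Assumes $con is an open mysqli connection and the column names from
// the question; which columns are integers is a guess (the page does not say).
function insert_book(mysqli $con, array $book): int
{
    // column => bind_param type ('i' integer, 's' string); fixed list, not user input
    $types = [
        'book_title' => 's', 'category_id' => 'i', 'author' => 's', 'author_2' => 's',
        'author_3' => 's', 'author_4' => 's', 'author_5' => 's', 'book_copies' => 'i',
        'book_pub' => 'i', 'publisher_name' => 's', 'isbn' => 's', 'copyright_year' => 'i',
        'status' => 's', 'book_barcode' => 's', 'book_image' => 's', 'remarks' => 's',
    ];
    // Reject keys outside the list so a caller cannot smuggle a column name into the SQL.
    if (($unknown = array_diff_key($book, $types)) !== []) {
        throw new InvalidArgumentException('unknown columns: ' . implode(',', array_keys($unknown)));
    }
    $cols   = array_keys($types);
    $values = [];
    foreach ($cols as $c) {
        $values[] = $book[$c] ?? null;   // absent columns are inserted as NULL
    }
    // Every value is a ? placeholder; only the fixed column names are interpolated.
    $sql = sprintf('INSERT INTO book (%s, date_added) VALUES (%s, NOW())',
        implode(',', $cols), implode(',', array_fill(0, count($cols), '?')));
    $typeString = implode('', $types);
    // bind_param needs exactly one type character per value; PHP 8 throws
    // ArgumentCountError on a mismatch, so catch it here with a clear message.
    if (strlen($typeString) !== count($values)) {
        throw new LogicException('type string does not match value count');
    }
    $stmt = $con->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param($typeString, ...$values);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

// The apostrophe that produced the error in the question is now harmless.
$id = insert_book($con, [
    'book_title' => "Harry Potter and the Philosopher's Stone", 'category_id' => 1,
    'author' => 'J. K. Rowling', 'book_copies' => 3, 'status' => 'available',
]);
```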