0

i have an stored procedure InsertStudent in MySQL DB which is working fine from database, now i am calling the above Sp from php by giving all the parameter its giving following error 

    Error: CALL InsertStudent(Mohd Maaz,455,1,2,0)
    You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server  
 version for the right syntax to use near 'Maaz,455,1,2,0)' at line 1

here is my code 

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "funed";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$StudentName = "Mohd Maaz";
$StudentClass = 1;
$StudentRollNo = 455;
$StudentSection = 2;
$StudentIsdltd = 0;


$sql = "CALL InsertStudent(".$StudentName.",".$StudentRollNo.",".$StudentClass.",".$StudentSection.",".$StudentIsdltd.")";
if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
} 

$conn->close();
?>
  • Alternatively - learn to use prepared statements as it will stop code vulnerabilities and problems with quotes in text etc. – Nigel Ren Dec 16 '18 at 07:31

1 Answers1

0

You just forgot to quote the parameters

replace 

$sql = "CALL InsertStudent(".$StudentName.",".$StudentRollNo.",".$StudentClass.",".$StudentSection.",".$StudentIsdltd.")";

with 

$sql = "CALL InsertStudent('".$StudentName."','".$StudentRollNo."','".$StudentClass."','".$StudentSection."','".$StudentIsdltd."')";

or I prefer to use the variables in the string directly without concatenating

$sql = "CALL InsertStudent('$StudentName','$StudentRollNo','$StudentClass','$StudentSection','$StudentIsdltd')";
Accountant م
  • 6,975
  • 3
  • 41
  • 61