-2

So I'm working with XAMPP and I was following this tutorial on how to set up a website. Right now the webpage is takes a first name and last name. Once you submit it should place those into the database. I'm getting this error every time I try to test it: Connected "successfullyError: INSERT into 'user'('fname', 'lname') VALUES ('abc','xyz') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''user'('fname', 'lname') VALUES ('abc','xyz')' at line 1"

Here's what the html looks like:

<!DOCTYPE html>
<html>
<body>

<form action="submit.php" method="post">
First Name:<br>
<input type="text" name="firstname">
<br>
Last Name:<br>
<input type="text" name="lastname">
<br><br>
<input type="submit" value="Submit">
</form>

</body>
</html>

And here is the file that has the php code to connect the page to the database. I am new to php and I tried to locate the syntax error, but to no avail.

<?php
$x = $_POST['firstname'];
$y = $_POST['lastname'];

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "db1";


//create connection
$conn = new mysqli($servername, $username, $password, $dbname);

//Check connection
if ($conn->connect_error)
{ 
    die("Connection failed: " . $conn->connect_error);
}

echo "Connected successfully";

$sql = "INSERT into 'user'('fname', 'lname') VALUES ('$x','$y')";

if($conn->query($sql) === TRUE)
{
  echo "That's going on your permanent record loser";  
}
else { echo "Error: " . $sql . "<br>" . $conn->error; }

$conn->close();
?>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Asa Murphy
  • 71
  • 7
  • Try to change `$sql = "INSERT into 'user'('fname', 'lname') VALUES ('$x','$y')";` to `$sql = "INSERT INTO user (fname, lname) VALUES ('$x','$y')";` – little_coder Nov 14 '19 at 02:12
  • Didn't work. I tried something like that earlier. – Asa Murphy Nov 14 '19 at 02:17
  • 1
    what are the columns in `user`? If the column names are not being written correctly or you are missing columns it will not work. Also, check out `mysqli::bind_param()`. Right now this code is extremely insecure. – ezra Nov 14 '19 at 02:19
  • Your MySql query has qoute on the table name. Also use prepared statement. – little_coder Nov 14 '19 at 02:20
  • @E2017 The columns are fname and lname. theres an id column as well but I set that to be Automatically iterated. – Asa Murphy Nov 14 '19 at 02:25

1 Answers1

0

The only problem that I see that you use a single quote ' to your table and column instead of using "`". The single quote are use as string delimiter. Try changing this part

'user'('fname', 'lname')

into

`user`(`fname`, `lname`)
Francis G
  • 1,040
  • 1
  • 7
  • 21