Insert Into returning a syntax error in SQL

Question

PHP

<?php
        $server_name= "localhost";
        $db_user="root";
        $db_password="";
        $db_name="digitalmarketing";

        $connection=mysqli_connect($server_name,$db_user,$db_password,$db_name);
        $dbconfig=mysqli_select_db($connection,$db_name);

        session_start();
        $_SESSION['message']='';

        if($_SERVER['REQUEST_METHOD']=='POST')
        {
            $title= mysqli_real_escape_string($connection,$_POST['title']);
            $Des= mysqli_real_escape_string($connection,$_POST['des']);
            $imagepath= mysqli_real_escape_string($connection,'Projects/'.$_FILES['filename']['name']);
            $link= mysqli_real_escape_string($connection,$_POST['link']);
            echo $title,"           ";
            echo $Des,"           ";
            echo $imagepath,"           ";
            echo $link," \n          ";

            if(preg_match("!image!",$_FILES['filename']['type'])){
                if(copy($_FILES['filename']['tmp_name'],$imagepath)){
                    $query="INSERT INTO `project` (`id`, `Title`, `Description`, `Image`, `Site`) VALUES (NULL, $title, $Des, $imagepath, $link)";
                    if(mysqli_query($connection, $query))
                    {
                        echo "success";
                    }
                    else {
                        echo "Error: " . $query . "<br>" . mysqli_error($connection);
                    }
                }
            }
        }

Error

Error: INSERT INTO project (id, Title, Description, Image, Site) VALUES (NULL, TitleHere, DescripHere, Projects/Screenshot 2021-03-18 222903.png, https://www.w3schools.com/tags/att_input_type.asp) You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '2021-03-18 222903.png, https://www.w3schools.com/tags/att_input_type.asp)' at line 1

Why am I getting this error?

Enclose the strings in single quotes, in the insert query – ash__939 Apr 02 '21 at 08:51 — ash__939, Apr 02 '21 at 08:51
@Ash1271 Like this? if(mysqli_query($connection, '$query')) – Anshul Apr 02 '21 at 08:55 — Anshul, Apr 02 '21 at 08:55

ash__939 · Accepted Answer · 2021-04-02T09:00:46.893

0

Change

$query="INSERT INTO `project` (`id`, `Title`, `Description`, `Image`, `Site`) VALUES (NULL, $title, $Des, $imagepath, $link)";

to

$query="INSERT INTO `project` (`id`, `Title`, `Description`, `Image`, `Site`) VALUES (NULL, '$title', '$Des', '$imagepath', '$link')";

Extra: Read about using prepared statements and use it. https://www.tutorialrepublic.com/php-tutorial/php-mysql-prepared-statements.php

edited Apr 02 '21 at 09:00

answered Apr 02 '21 at 08:55

ash__939

1,614
2
12
21

I did, it says to wait for 3 min idk why. Bro I need one more small help, am I allowed to dm you? – Anshul Apr 02 '21 at 09:01
@Anshul I don't know if it has direct message facility. You can ask in the comment box. – ash__939 Apr 02 '21 at 09:56

Insert Into returning a syntax error in SQL

1 Answers1