-2

I had written a php code and used apache to link it to database but the data won't enter into the table. Can anyone help??

I tried to create a dynamic website where values would be entered in the database [text]

<?php
$con=mysqli_connect("localhost","root");
if($con){
    echo "Connection Successful";
}
else
{
    echo "No Connection";
}
mysqli_select_db($con,"project");
$user=$_POST['user'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$comments=$_POST['comments'];

$query="insert into projectinfodata('User','Email','Mobile','Comments') values('$user','$email','$mobile','$comments')";

mysqli_query($con,$query);
header("location:index.php");
?>

i wrote this code but it didn't work

Dharman
  • 30,962
  • 25
  • 85
  • 135
Mayank Garg
  • 1
  • 4
    Whatever tutorial or example you're using, get rid of it. The code shown is (1) wide open to [SQL injection](https://stackoverflow.com/q/332365/328193) and (2) assumes the success of the database operation without checking for errors. – David Aug 09 '23 at 11:43
  • [When to use single quotes, double quotes, and backticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql) – brombeer Aug 09 '23 at 11:44
  • Quotes are for strings, not identifiers. `'User'` should be `User` or `\`User\``. The same with all column/identifiers. None of those are reserved terms so unquoted should be fine. `An identifier may be quoted or unquoted. If an identifier contains special characters or is a reserved word, you must quote it whenever you refer to it.` – user3783243 Aug 09 '23 at 12:00
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Aug 09 '23 at 14:28

0 Answers0