Logo Questions Linux Laravel Mysql Ubuntu Git Menu

Insert into MySQL Table PHP

I am having some trouble making a simple form to insert data into a MySQL table. I keep getting this SQL error:

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'stock ('ItemNumber', 'Stock') VALUES ('#4','3'')' at line 1"

My HTML for the form is:

    <form action="database.php" method="post">
    Item Number: <input type="text" name="ItemNumber">
    Stock: <input type="text" name="Stock">
    <input type="submit">

And the PHP is:

    if (mysqli_connect_errno($con))
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
     $sql = "INSERT INTO current stock ('ItemNumber', 'Stock')
    if (!mysqli_query($con,$sql))
      die('Error: ' . mysqli_error($con));
    echo "1 record added";
like image 832
Jake Ols Avatar asked Mar 23 '23 20:03

Jake Ols

1 Answers

try this

you should not use quotes of parameter around POST . and you should use them inside POST

       $sql = "INSERT INTO `current stock` (ItemNumber, Stock)
         ('".$_POST['ItemNumber']."', '".$_POST['Stock']."' )";

you should escape your variables before you insert them to mysql like that

  • Note that the example does not call mysqli_real_escape_string. You would only need to use mysqli_real_escape_string if you were embedding the string directly in the query, but I would advise you to never do this. Always use parameters whenever possible.
like image 154
echo_Me Avatar answered Apr 01 '23 04:04