Error using variables in a query

Question

Error using variables in a query

Asked 9 years, 5 months ago

Viewed 120 times

0

Good morning, I am new in PHP and am trying to make a form that puts the data in a mysql bd.

HTML Code (Bootstrap):

<div class="form-group">
  <label for="nome" class="col-md-1 control-label">Nome:</label>
  <div class="col-md-11">
    <input type="text" id="nome" name="nome" class="form-control" placeholder="Hubert Weber Xylo, 2012"></input>
  </div>
</div>

<div class="form-group">
  <label for="descricao" class="col-md-1 control-label">Descrição:</label>
  <div class="col-md-11">
    <textarea name="descricao" class="form-control" rows="3"></textarea>
  </div>
</div>

Code info.php:

<?php
  $connect = mysql_connect("localhost", "root", "1234");
  if (!$connect) {
    die('Connection Failed:' .mysql_error());
  }
  mysql_select_db("db_teste", $connect);

  $nome = $_POST['nome'];
  $descricao = $_POST['descricao'];

  $user_info = "INSERT INTO 'mytable' ( `NOME`, `DESCRICAO` ) VALUES ( $nome,  $descricao )";

  if (!mysql_query($user_info, $connect)) {
    die('Error: ' . mysql_error());
  }
  echo 'Cadastro concluido.';
  mysql_close($connect);

But the mistake I’m getting is this::

Error: You have an error in your SQL syntax; check the manual that Corresponds to your Mysql server version for the right syntax to use near ''mytable' ( NOME, DESCRICAO ) VALUES ( Testenome, Testedesc )' at line 1

What I’m doing wrong?

3

The values $nome and $descricao should be in quotes: "INSERT INTO nome_tabela ( NOME, DESC ) VALUES ( '$nome', '$descricao' )"

– Oeslei

2015/06/16 at 12:35
Remember: it is completely unsafe to perform queries this way in PHP. Read more about PDO: http://php.net/manual/en/book.pdo.php and/or use a framework (Laravel 4/5 for example, or Codeigniter if you don’t already have experience with frameworks - later migrate to Laravel).

– Patrick Maciel

2015/06/16 at 12:41
Now the error is: Error: You have an error in your SQL syntax; check the manual that Corresponds to your Mysql server version for the right syntax to use near ''' ( NOME, DESC ' at line 1

– MrMadBacon

2015/06/16 at 12:41

4 answers

-1

I managed to solve! I put the whole string of $user_info with single quotes and VALUES with double quotes. It worked!

If possible put the code as it was.

– KaduAmaral

2015/06/16 at 13:33
I edited the right code :)

– MrMadBacon

2015/06/18 at 14:34

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.

by Felippe Tadeu • **519** points · Answer 1 · 2015-06-16T12:50:17+00:00

0

Good morning.

As already mentioned in the comments, use PDO for greater security in the execution of queries.

About the error, in your case use the following querie:

INSERT INTO TABELA (NOME, DESC) VALUES ("$nome", "$descricao");

When I put double quotes this appears: Parse error: syntax error, Unexpected '$name' (T_VARIABLE) in C: xampp htdocs db_test info.php on line 33

– MrMadBacon

2015/06/16 at 13:16
Um.. one thing I saw there was that I was using a reserved word, DESC. But I already switched to DESCRICAO at the bank, and changed the code. But the error remains the same

– MrMadBacon

2015/06/16 at 13:23

by Adir Kuhn • **2,342** points · Answer 2 · 2015-06-16T13:25:35+00:00

you have to put the string in quotes and escape to avoid error in PHP

$user_info = "INSERT INTO 'mytable' ( `NOME`, `DESC` ) VALUES ( \"$nome\",  \"$descricao\" )";

by Cesar de Barros • **546** points · Answer 3 · 2015-07-01T02:50:44+00:00

Try placing the variables within the query wrapped in single quotes. something like:

( '$nome',  '$descricao' )

With me it works like this. After all, your string uses double quotes.