Error using variables in a query


0

Good morning, I am new to PHP and am trying to make a form that puts the data in a MySQL DB.

HTML Code (Bootstrap):

<div class="form-group">
  <label for="nome" class="col-md-1 control-label">Nome:</label>
  <div class="col-md-11">
    <input type="text" id="nome" name="nome" class="form-control" placeholder="Hubert Weber Xylo, 2012">
  </div>
</div>

<div class="form-group">
  <label for="descricao" class="col-md-1 control-label">Descrição:</label>
  <div class="col-md-11">
    <textarea name="descricao" class="form-control" rows="3"></textarea>
  </div>
</div>

Code info.php:

<?php
  $connect = mysql_connect("localhost", "root", "1234");
  if (!$connect) {
    die('Connection Failed:' .mysql_error());
  }
  mysql_select_db("db_teste", $connect);

  $nome = $_POST['nome'];
  $descricao = $_POST['descricao'];

  $user_info = "INSERT INTO 'mytable' ( `NOME`, `DESCRICAO` ) VALUES ( $nome,  $descricao )";

  if (!mysql_query($user_info, $connect)) {
    die('Error: ' . mysql_error());
  }
  echo 'Cadastro concluido.';
  mysql_close($connect);

But the error I’m getting is this:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''mytable' ( NOME, DESCRICAO ) VALUES ( Testenome, Testedesc )' at line 1

What am I doing wrong?

  • 3

    The values $nome and $descricao should be in quotes: "INSERT INTO nome_tabela ( NOME, DESC ) VALUES ( '$nome', '$descricao' )"

  • Remember: it is completely unsafe to perform queries this way in PHP. Read more about PDO: http://php.net/manual/en/book.pdo.php and/or use a framework (Laravel 4/5 for example, or CodeIgniter if you don’t already have experience with frameworks - later migrate to Laravel).

  • Now the error is: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' ( NOME, DESC ' at line 1

4 answers

0

Good morning.

As already mentioned in the comments, use PDO for greater security in the execution of queries.

About the error, in your case use the following query:

INSERT INTO TABELA (NOME, DESC) VALUES ("$nome", "$descricao");

  • When I put double quotes this appears: Parse error: syntax error, unexpected '$name' (T_VARIABLE) in C:\xampp\htdocs\db_test\info.php on line 33

  • Um... one thing I saw there was that I was using a reserved word, DESC. But I already switched to DESCRICAO in the database, and changed the code. But the error remains the same.
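
The PDO approach recommended in the comments and in the answer above, as an added example that is not part of the original thread. It assumes the question's table and column names (`mytable`, `NOME`, `DESCRICAO`); the in-memory SQLite database, the sample input and the function names `openDb` and `insertItem` are constructed for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database keeps
// it runnable offline; for the question's MySQL server the DSN would be e.g.
// 'mysql:host=localhost;dbname=db_teste;charset=utf8mb4' (assumed values).
declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions on failure instead of returning false silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE mytable (NOME TEXT NOT NULL, DESCRICAO TEXT NOT NULL)');
    return $pdo;
}

function insertItem(PDO $pdo, string $nome, string $descricao): int
{
    // Placeholders keep the SQL text fixed; the values travel separately,
    // so $nome and $descricao need no quoting or escaping in the query.
    $stmt = $pdo->prepare(
        'INSERT INTO mytable (NOME, DESCRICAO) VALUES (:nome, :descricao)'
    );
    $stmt->execute([':nome' => $nome, ':descricao' => $descricao]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST. The apostrophe and the
// double quotes are values that break a query built by string interpolation.
$post = ['nome' => "Xylo d'Or, 2012", 'descricao' => 'Caixa 40 mm, "edicao" limitada'];

$nome = trim((string) ($post['nome'] ?? ''));
$descricao = trim((string) ($post['descricao'] ?? ''));
if ($nome === '' || $descricao === '') {
    exit("Both fields are required.\n");
}

$pdo = openDb();
try {
    $id = insertItem($pdo, $nome, $descricao);
} catch (PDOException $e) {
    // Log details server-side; do not echo driver errors to the visitor.
    error_log($e->getMessage());
    exit("Could not save the record.\n");
}

$row = $pdo->query('SELECT NOME, DESCRICAO FROM mytable')->fetch(PDO::FETCH_ASSOC);
printf("Row %d stored: %s | %s\n", $id, $row['NOME'], $row['DESCRICAO']);
```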

0

You have to put the string in quotes and escape them to avoid an error in PHP.

$user_info = "INSERT INTO 'mytable' ( `NOME`, `DESC` ) VALUES ( \"$nome\",  \"$descricao\" )";

0

Try placing the variables within the query wrapped in single quotes. Something like:

( '$nome',  '$descricao' )

It works like this for me. After all, your string uses double quotes.

-1


I managed to solve it! I put the whole string of $user_info with single quotes and VALUES with double quotes. It worked!

  • If possible put the code as it was.

  • I edited the right code :)
