1
I created a function to insert information to two different tables, but it is showing an error:
You have an error in your SQL syntax; check the manual that Corresponds to your Mariadb server version for the right syntax to use near 'Insert into client(name, reg, Adress, phone) values('mary',2147483647,'a' at line 2
My job is:
function newUser($connect, $name, $reg, $address, $phone, $email, $pass){
$query = "insert into user(email, password) values('{$email}','{$pass}');
insert into client(name, reg, address, phone) values('{$name}','{$reg}','{$address}','{$phone}')";
return mysqli_query($connect, $query);
}
When I test the direct query in the bank, it works. :(
Rafael, as the name suggests (Stackoverflow in Portuguese), the official language used here is Portuguese. So could you please translate your question? If you prefer, you can also ask the same question on Stackoverflow website in English.
– NoobSaibot
This looks like a sql injection problem. The content of your variable
$addressseems to be interfering with the interpretation of the consultation. From a certain point of view, I’m glad it didn’t work: you don’t want this vulnerability on your system. It sucks.– Diego Rafael Souza
@Diegorafaelsouza Syntax problem does not refer to variable
$address. You may even have this problem too. But in this case, if you do more than one query with the functionmysqli_querythis problem will occur too! This question should not be closed.– Andrei Coelho
@Andreicoelho I understood. I do not know of php, I will portray the signage. Thank you. I thought it could be the question of injection because in the message the instruction appears truncated.
– Diego Rafael Souza
Thank you, Diego. I didn’t notice that it was in Portuguese. I have seen that translated and sorry for it.
– Rafael Figueiredo