php - How to fix this SQL syntax error? -
how fix error?
"you have error in sql syntax; check manual corresponds mysql server version right syntax use near '' @ line 1."
i'm using wamp server. localhost:81.
<?php $conn =mysqli_connect('localhost', 'root' , '','register'); if(isset($_post['submit'])) { $fname=$_post['fname']; $mname = $_post['uname']; $email = $_post['email']; $contact = $_post['contact']; $gender = $_post['gender']; $password = $_post['pass']; $repassword = $_post['rpass']; $sql = "insert registered(fullname,username,email,contact#,gender,password,rpassword) values('$fname','$mname','$email','$contact','$gender','$password','$repassword')"; if ($conn->query($sql) === true) { echo "new record created successfully"; print '<script>alert("successfully submit data!");</script>'; } else{ echo "error: " . $sql . "<br>" . $conn->error; } $conn->close(); } ?>
i recommend using backticks (`) around column names, prevent sql seeing else. want make sure escape data well.
$sql = "insert `registered` (`fullname`, `username`, `email`, `contact#`, `gender`, `password`, `rpassword`) values (?, ?, ?, ?, ?, ?, ?)"; $stmt = $mysqli->prepare($sql); $stmt->bind_param('sssssss', $fname, $mname, $email, $contact, $gender, $password, $repassword); if ( $stmt->exec() ) { //success } else { echo "error: " . $sql . "<br>" . $conn->error; } for more information on sql injection, , how can effect you, please check out this post.
Comments
Post a Comment