1

I am working on my website and I can't access phpMyAdmin right now, so I tried making a script for inserting values for a search thing. However, when I visit the link, website.com/search/create.php?l=link&d=description&t=title, I get an error. This one:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'link, description, title)' at line 1

Here's what my script looks like.

$link = "https://website.com";
$description = "The homepage of the site";
$title = "Home";

// sql to create table
$sql = "INSERT INTO search (link, description, title) VALUES (".$link.", ".$description.", ".$title.")";

if (mysqli_query($conn, $sql)) {
    echo "it's working";
} else {
    echo "it's not working?" . mysqli_error($conn);
}
SQL Injection: Little Bobby Tables xkcd.com/327, Open Web Application Security Project owasp.org/index.php/SQL_Injection (Answers suggesting single quotes be incorporated into the SQL text are incomplete if they don't also suggest properly escaping potentially unsafe values. Best practice is prepared statements with bind placeholders.) Commented Mar 15, 2019 at 17:06

4 Answers

1

Use

$sql = "INSERT INTO search (link, description, title) VALUES ('".$link."', '".$description."', '".$title."')";

instead of:

$sql = "INSERT INTO search (link, description, title) VALUES (".$link.", ".$description.", ".$title.")";

You are trying to insert a string without '.


0

It seems you are missing single quotation marks in the SQL query; try the following:

$sql = "INSERT INTO search (link, description, title) VALUES ('".$link."', '".$description."', '".$title."')";


0

Just change the query syntax in your code and check it. Hope your error should be resolved.

// sql to create table
$sql = "INSERT INTO search (link, description, title) VALUES ('$link', '$description', '$title')";

1 Comment

It changes the inserted value. It creates an extra dot in values, like .text.

0

Your code for inserting data into the database table is wrong (assuming you have already executed the database connection query ($conn) and have a 'search' table in the database).

$sql = "INSERT INTO search (link, description, title) VALUES ('$link', '$description', '$title')";

You don't have to put the concatenation operator ('.') inside your SQL query, as you are not concatenating PHP and markup texts.
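
The comment on the question recommends prepared statements with bind placeholders. The following is an added example (not code from the question or from any answer) of how create.php could do the same insert with mysqli placeholders; the connection values are placeholders, and the URL check is an assumption about what the link column should hold.

```php
<?php
// Added example: hypothetical create.php using bind placeholders.
// The search table and its columns come from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions on failure

// Read the three query-string parameters from the question's URL (?l=...&d=...&t=...).
$link        = $_GET['l'] ?? '';
$description = $_GET['d'] ?? '';
$title       = $_GET['t'] ?? '';

// Reject input that is empty or not an http(s) URL before touching the database.
$scheme = parse_url($link, PHP_URL_SCHEME);
if ($title === '' || $description === ''
    || filter_var($link, FILTER_VALIDATE_URL) === false
    || !in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
    http_response_code(400);
    exit('Invalid input');
}

try {
    // Connection values are placeholders, not values from the page.
    $conn = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
    $conn->set_charset('utf8mb4');

    // The SQL text is constant; the values are sent separately from it.
    $stmt = $conn->prepare(
        'INSERT INTO search (link, description, title) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $link, $description, $title); // three string parameters
    $stmt->execute();

    echo "it's working";
} catch (mysqli_sql_exception $e) {
    // Log details server-side instead of echoing database errors to the visitor.
    error_log('search insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo "it's not working";
}
```

With placeholders, a value that itself contains a single quote (a title such as Bob's page) is stored as data and cannot end the string literal or change the statement.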
