strasbal strasbal - 19 days ago 6
PHP Question

I am getting a Syntax Error in SQL

Having trouble submitting data to a database because of syntax error.

Database Structure

database: red_fungi
username: fungi_47
password: *******


Table Structure:

columns > type

id > int(11)
first_name > text
last_name > text
email > text
phone > text
website > text
description > text


As well as the php code:

<?php
$servername = "localhost";
$username = "fungi_47";
$password = "********";
$dbname = "red_fungi";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// Escape user inputs for security

$first_name = mysqli_real_escape_string($link, $_POST['first_name']);
$last_name = mysqli_real_escape_string($link, $_POST['last_name']);
$email = mysqli_real_escape_string($link, $_POST['email']);
$phone = mysqli_real_escape_string($link, $_POST['phone']);
$website = mysqli_real_escape_string($link, $_POST['website']);
$comment = mysqli_real_escape_string($link, $_POST['comment']);
$hosting = mysqli_real_escape_string($link, $_POST['hosting']);


$sql = "INSERT INTO contact (id, first_name, last_name, email, phone, website, description, hosting)
VALUES (NULL, $first_name, $last_name, $email, $phone, $website, $comment, $hosting)";


if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>


When submitting, I see that the post has been successful:

first_name=Bill&last_name=Nye&email=bill%40nye.com&phone=8888888888&website=billnyefungi.com&comment=help%20me%20make%20a%20fungi%20website&hosting=yes


but the post response shows the following error:


Error: INSERT INTO contact (id, first_name, last_name, email, phone, website, description, hosting)
VALUES (NULL, , , , , , , )
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ' , , , , , )' at line 2


However I've checked the syntax and can't see anything wrong with it. Any ideas what's going wrong?

Answer

Your code is assuming that $_POST['XXX'] will be populated, and it isn't. Thats what all those ,,,,,,,, mean in the error.

Instead, first check if $_POST['XXX'] is created, and has a value prior to using it.

if ((isset($_POST['first_name'])) && (!empty( $_POST['first_name'])) ) {
  //do query and rest of your script

} else { die('Need form input');}