GhostCyborg GhostCyborg - 3 months ago 37
MySQL Question

Error in MariaDB Syntax

I am trying to add data to my MariaDB Database. Every time I run the php file, I get the following error,


Error creating database: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INSERT INTO 'FileCenter' ('FileID', 'FileNAME', 'FileKEY', 'FileSRC') VALUES (NU' at line 1"


Here's my code:

<?php
$servername = "localhost";
$username = "root";
$password = "password";
$database = "DownloadCenter";
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// Create database
//sql = "USE DownloadCenter; INSERT INTO 'FileCenter' ('FileID', 'FileNAME', 'FileKEY', 'FileSRC') VALUES (NULL, 'Video ', '45ge5g', '/var/www/MyVideo.mp4'), (NULL, NULL, NULL, NULL);";
$sql = "INSERT INTO FileCenter (FileId,FileNAME,FileKEY,FileSRC) VALUES (DEFAULT, 'Video', '45ge5g', '/var/www/MyVideo.mp4'";
if ($conn->query($sql) === TRUE) {
echo "Database created successfully";
} else {
echo "Error creating database: " . $conn->error;
}

$conn->close();


Notes:


  • The commented SQL line (Line 14) was copied and pasted from PHPMyAdmin, I've tried both MySQL lines, Get the same error from both

  • The DataBase is called "DownloadCenter", "FileCenter" is the table.

  • FileID
    is auto-increment


Answer

This:

//sql = "USE DownloadCenter; INSERT INTO 'FileCenter' ('FileID', 'FileNAME', 'FileKEY', 'FileSRC') VALUES (NULL, 'Video ', '45ge5g', '/var/www/MyVideo.mp4'), (NULL, NULL, NULL, NULL);";

You cannot run multiple statements in a single DB call. It's a core restriction in PHP's underlying mysql driver, as a basic defense against one form of SQL injection attack.

Since you can't run multiple statements, the 2nd and subsequent statements in a single query() call become syntax errors.

And note that your second query, the one that's uncommented, is missing a ) at the end, giving it its own synax error.