0

So I'm trying to allow a form to add data to a mySQL table. I have this form

<form name="addBook" action="addBook.php" method="post" >
ISBN: <input type="text" name="isbn"><br />
Name: <input type="text" name="name"><br />
Edition: <input type="text" name="edition"><br />
Author: <input type="text" name="author"><br />
Class: <input type="text" name="class"><br />
Department: <input type="text" name="department"><br />
Condition: <input type="text" name="condition"><br /><br />
<input type="submit" value="Add Book">
</form>

Where addBook.php is...

<?php
$con=mysqli_connect("cclloyd.com","cclloyd","","Inventory");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$isbn = mysqli_real_escape_string($con, $_POST['isbn']);
$name = mysqli_real_escape_string($con, $_POST['name']);
$edition = mysqli_real_escape_string($con, $_POST['edition']);
$author = mysqli_real_escape_string($con, $_POST['author']);
$class = mysqli_real_escape_string($con, $_POST['class']);
$department = mysqli_real_escape_string($con, $_POST['department']);
$condition = mysqli_real_escape_string($con, $_POST['condition']);

$sql="INSERT INTO Books (isbn, name, edition, author, class, department, condition)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";

if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
}

mysqli_close($con);

header('Location: http://umassd.cclloyd.com/bookadded.php' ) ; 
?>

And when I executed it, I get this error. "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition) VALUES ('l', 'lk', 'l', 'k', 'j', 'h', 'h')' at line 1"

Where those were just random things I put in to fill the form. Where is the error? I looked online a lot and they all say to enter it like I have it.

Improve this question
2
  • Also, take a look at prepared statements Commented Aug 10, 2014 at 9:16
  • you are inserting this literal '$isbn' and the problem montioned by @LHristov Commented Aug 10, 2014 at 9:20

2 Answers 2

Reset to default
2

condition is reserved word for Mysql. Check the reserved words here

Put the word in quotes.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

or change the name of the column
0

Please use this 

 $sql="INSERT INTO Books (`isbn`, `name`, `edition`, `author`, `class`, `department`, `condition`)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.