Error using variables in a query

0

Good morning, I'm new to PHP and I'm trying to make a form that puts the data in a MySQL database.

HTML code (Bootstrap):

<div class="form-group">
  <label for="nome" class="col-md-1 control-label">Nome:</label>
  <div class="col-md-11">
    <input type="text" id="nome" name="nome" class="form-control" placeholder="Hubert Weber Xylo, 2012">
  </div>
</div>

<div class="form-group">
  <label for="descricao" class="col-md-1 control-label">Descrição:</label>
  <div class="col-md-11">
    <textarea name="descricao" class="form-control" rows="3"></textarea>
  </div>
</div>

Code info.php:

<?php
  $connect = mysql_connect("localhost", "root", "1234");
  if (!$connect) {
    die('Connection Failed:' .mysql_error());
  }
  mysql_select_db("db_teste", $connect);

  $nome = $_POST['nome'];
  $descricao = $_POST['descricao'];

  $user_info = "INSERT INTO 'mytable' ( 'NOME', 'DESCRICAO' ) VALUES ( $nome,  $descricao )";

  if (!mysql_query($user_info, $connect)) {
    die('Error: ' . mysql_error());
  }
  echo 'Cadastro concluido.';
  mysql_close($connect);

But the error I'm getting is the following:

  

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' mytable '' (at NOME , DESCRICAO ) VALUES (TestName, TestDesc) 'at line 1

What am I doing wrong?

    
asked by anonymous 16.06.2015 / 14:23

4 answers

-1

I was able to solve it! I put the entire $user_info string in single quotation marks and the VALUES in double quotation marks. It worked!

    
16.06.2015 / 15:32
0

Good morning.

As already mentioned in the comments, use PDO for greater security in the execution of the queries.

As for the error, in your case use the following query:

INSERT INTO TABELA (NOME, DESCRICAO) VALUES ("$nome", "$descricao");
    
16.06.2015 / 14:50
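
The PDO suggestion in the answer above, sketched as an added example that is not part of the original question or answers. It assumes an in-memory SQLite database in place of the question's MySQL server so it runs without one; `readField`, `insertItem` and `$samplePost` are hypothetical names, and the table and column names are taken from the question.

```php
<?php
// Added example: parameterized INSERT with PDO (not code from the original posts).
// Assumption: SQLite in memory stands in for MySQL. For the question's server the
// DSN would be 'mysql:host=localhost;dbname=db_teste;charset=utf8mb4' plus user and
// password, and PDO::ATTR_EMULATE_PREPARES would be set to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (NOME TEXT NOT NULL, DESCRICAO TEXT NOT NULL)');

// Hypothetical helper: accept only a non-empty string of bounded length.
function readField(array $post, string $key, int $maxLen): string
{
    $value = $post[$key] ?? null;
    if (!is_string($value) || trim($value) === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException("Invalid field: $key");
    }
    return trim($value);
}

// Hypothetical helper: the SQL text is fixed; values are bound separately,
// so quotes inside them cannot alter the statement.
function insertItem(PDO $pdo, array $post): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO mytable (NOME, DESCRICAO) VALUES (:nome, :descricao)'
    );
    $stmt->execute([
        ':nome'      => readField($post, 'nome', 255),
        ':descricao' => readField($post, 'descricao', 2000),
    ]);
    return $stmt->rowCount();
}

// Constructed sample input standing in for $_POST; the apostrophes would
// break a query built by string interpolation.
$samplePost = [
    'nome'      => 'Hubert Weber Xylo, 2012',
    'descricao' => "Collector's piece, 'mint' condition",
];

try {
    insertItem($pdo, $samplePost);
    foreach ($pdo->query('SELECT NOME, DESCRICAO FROM mytable', PDO::FETCH_ASSOC) as $row) {
        echo $row['NOME'], ' | ', $row['DESCRICAO'], PHP_EOL;
    }
} catch (InvalidArgumentException $e) {
    echo 'Invalid form data.', PHP_EOL;
} catch (PDOException $e) {
    error_log($e->getMessage()); // keep driver details out of the response
    echo 'Could not save the record.', PHP_EOL;
}
```
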
0

You have to enclose the strings in quotation marks and escape them to avoid a PHP error.

$user_info = "INSERT INTO `mytable` ( `NOME`, `DESCRICAO` ) VALUES ( \"$nome\",  \"$descricao\" )";
    
16.06.2015 / 15:25
0

Try placing the variables inside the query in single quotation marks. Something like:

( '$nome',  '$descricao' )

It works for me. After all, your string uses double quotation marks.

    
01.07.2015 / 04:50