php - SQL syntax error


Im fairly new to both PHP and SQL but what i want is for the details entered into my form to be inserted into a database.

The code i have written works and the data is submitted into the database but there are a couple things not right.

Firstly here is the code;


include "credentials.php";

function insert_post($cnhost,$cnusername,$cnpassword,$cndatabase,$titlein,$contentin,$comment_optionin) {

    $connect = mysqli_connect($cnhost,$cnusername,$cnpassword,$cndatabase);

if (mysqli_connect_errno($connect))     


  echo "Failed to connect to MySQL: " . mysqli_connect_error();


  echo "Connection Success! <br>";

$submitpost_query = mysqli_query($connect,"INSERT INTO blog_posts (title,content,comment_option) VALUES ('".$titlein."','".$contentin."','".$comment_optionin."')"); 

if (!mysqli_query($connect,$submitpost_query))
  die('Error: ' . mysqli_error($connect));
echo "Post submitted.";



$title = $_POST["title"];
$content = $_POST["content"];
$comment_option = $_POST["comment_option"];



Although the data is submitted into the database as i want i get the following error;

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"

The $comment_option variable contains the value 1 or 0, depending on which radio button is selected so this error might be referring to this variable but this SQL error is the same whether the value of $comment_option is 1 or 0.

I do see "Connection success!" before this error but do not see "Post submitted" even though the post is actually submitted. Any ideas why?

As well as helping me with this problem i would be very grateful if somebody could give me some general tips to improve what iv wrote. I am a noob so im sure there's a few things that could be improved here!

Thanks very much!




The problem is here:

if (!mysqli_query($connect,$submitpost_query))

You're passing amysqli_query result which is$submitpost_query to anothermysqli_query which is in theif statement.




The problem is with following chunk of code if (!mysqli_query($connect,$submitpost_query)) it should be instead following if (!$submitpost_query)

Reason : You are executing return object again through mysql_queri function that is causing warning, invalid resource, as this function only excepts valid sql query or connection object




I know your question is answered but I seriously recommend you to sanitize the POST data before concatenating it in a query.

People are also looking for solutions to the problem: php - How can I get an entity from Doctrine Fixture reference?


Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.