SQL syntax error; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

I am new to php and for the life of me I cannot sort out my issue with the below code. Please help me out! Kindly appreciated.

"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' '0')' at line 1"

<?php
session_start();
if ($_SESSION['admin']!=NULL)
{
    include_once('functions/dbFunctions.php');
    $category = addslashes($_POST['category']);
    $subcat = addslashes($_POST['subcat']);
    $pname = addslashes($_POST['pname']);
    $content = addslashes($_POST['content']);
    $meta_title = addslashes($_POST['meta_title']);
    $meta_description = addslashes($_POST['meta_description']);
    $schema = addslashes($_POST['schema']);
    $sql="INSERT INTO `product_tbl` (`product_name`, `product_details`,`product_cat`, `product_sub_cat`, `meta_title`, `meta_description`, `schema`, `product_status`) VALUES ('$pname', '$content', $category', '$subcat', '$meta_title', '$meta_description', '$schema', '0');";
    $ins=insert_update($sql);
    if($ins=='OK')
        {
            $msg="<strong>{$pname}</strong> details updated successfully";
            header('location:index.php?page=135&a=1&m='.$msg);
        }
        else
        {
            $msg="Oops!.echo $ins";
            header('location:index.php?page=122&a=2&m='.$msg);
        }
}
else
{
    $msg="Invalid access. You must login to continue!";
    header("location:login.php?msg=".$msg);
}
?>
728x90

2 Answers SQL syntax error; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

As axiac wrote in the comment, You have misplaces a single quote in the end of your query.

In this line of code:

$sql="INSERT INTO `product_tbl` (`product_name`, `product_details`, `product_cat`, `product_sub_cat`, `product_img`, `meta_title`, `meta_description`, `schema`, `product_status`) VALUES ('$pname', '$content', '$category', '$subcat', '$pathname', '$meta_title', '$meta_description', '$schema,' '0');";

at the end you have '$schema,' '0');";

If you look at it more carefully you can see you have closed the single quote for the $schema after the comma. and It should be '$schema', '0');";

This will solve your current problem, but as Panagiotis Kanavos mentioned in the comments your code is vulnerable to SQL Injection. So it's better to do some research on it and how to fix it(Using prepared statements and parameter binding).

1 year ago

If you indent properly, it's easy to see why the error.

$sql = 
"INSERT INTO `product_tbl` (
    `product_name`
    , `product_details`
    ,`product_cat`
    , `product_sub_cat`
    , `meta_title`
    , `meta_description`
    , `schema`
    , `product_status`
) VALUES (
    '$pname'
    , '$content'
    , $category'
    , '$subcat'
    , '$meta_title'
    , '$meta_description'
    , '$schema'
    , '0'
);"

You miss a quote on $category.

1 year ago