Error when attempting to insert HTML form data into MySQL database using PHP7.2

#1

I am trying to insert email addresses I obtain from a subscriber form into a database, but I am a complete newbie when it comes to PHP. I am getting the following error from my code:

Error: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’ at line 1

Here is my code:

<?php
// Only process the form if $_POST isn't empty
if ( ! empty( $_POST['email'] ) ) {

    // Connect to MySQL
    $mysqli = new mysqli( 'localhost', USER', 'PASSWORD', 'DATABASE');

    // Check connection
    if ( $mysqli->connect_error ) {
        die( 'Connect Error: ' . $mysqli->connect_errno. ': ' . $mysqli->connect_error );
    }

    // Insert data
    $sql = "INSERT INTO email_list ( email ) VALUES ('{$mysqli->real_escape_string($_POST['email'])}'";
    $insert = $mysqli->query($sql);

    // Print response
    if ( $insert ) {
        echo "Thank you for your interest.";
    }   else {
        die ("Error: {$mysqli->errno} : {$mysqli->error}");
    }

    // Close connection
    $mysqli->close();
}
?>

All assistance is greatly appreciated :slight_smile:

#2

You need to use prepared statements, not this,
$mysqli->real_escape_string($_POST[‘email’])

https://www.w3schools.com/php/php_mysql_prepared_statements.asp

1 Like