Parse error: syntax error, unexpected 'into' (T_STRING)

Question

I am using a script form 2002 can anyone help me whit this code

 $add_topic = insert into forum_topics values ('', '$_POST['topic_title']',

It gives me a "Parse error: syntax error, unexpected 'into' (T_STRING)" Please help

Thank you

Use prepared statements and parameterize the query. This is SQL injectable. — user3783243, Apr 08 '20 at 20:20

Xp10d3 · Answer 1 · 2020-04-08T20:25:21.230

You need to put quotes around your SQL statement. You also might get some errors with using your variable $_POST['topic_title']. Put double quotes around it like below.

$add_topic = "INSERT INTO forum_topics VALUES('', '".$_POST['topic_title']."')";

It's also a good idea to add parenthesis after "forum_topics" so that you can get an idea of what you are actually inserting.

$add_topic = "INSERT INTO forum_topics(some_value, topic_title) VALUES('', '".$_POST['topic_title']."')";

Also use Prepared Statements so your code is not open to SQL injection. Please search Google first before coming here as there are a lot of resources related to errors. It should look like this:

$add_topic = "INSERT INTO forum_topics(some_value, topic_title) VALUES(?, ?)";
if ($stmt = mysqli_prepare($conn, $add_topic) {
  mysqli_stmt_bind_param($stmt, "ss", $some_var, $_POST['topic_title'];
  $some_var = ' ';
  mysqli_stmt_execute($stmt);
  // Execution successful.
} else {
  // Error.
}

Parse error: syntax error, unexpected 'into' (T_STRING)

1 Answers1