hello
i try this form and script
_____________________________________________________

<form action="insert.php" method="REQUEST">backend - insert new record<br>
id: <input type="number" name="id"><br>
manufacturer: <input type="text" name="manufacturer"><br>
transferrate: <input type="text" name="transferrate"><br>
cache: <input type="text" name="cache"><br>
size: <input type="text" name="size"><br>
RPM: <input type="text" name="RPM"><br>
use: <input type="text" name="use"><br>
price: <input type="text" name="price"><br>
seller: <input type="text" name="seller"><br>
detail: <input type="text" name="detail"><br>
<input type="submit">
</form>

insert.php:
_______________________________________

$sql="INSERT INTO hdd(id, manufacturer,transferrate,cache,size,RPM,use,price,seller,detail)
VALUES
($_REQUEST[id],'$_REQUEST[manufacturer]','$_REQUEST[transferrate]','$_REQUEST[cache]','$_REQUEST[size]','$_REQUEST[RPM]','$_REQUEST[use]','$_REQUEST[price]','$_REQUEST[seller]','$_REQUEST[detail]')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?>

To pass values in the database but i get errors like:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'use,price,seller,detail) VALUES (7,'SamsungSpinpoint','7MB','8 MB','160GB','5400' at line 1................what can be goin wrong?

id is int ,all others are varchar.

use is a reserved word so, or you use backticks around the word or you alter the table.

In addition: the methods available for the form are POST, GET, PUT and other methods. REQUEST is a generic method used to retrieve data in PHP, don't use it in the method attribute, and avoid $_REQUEST if you can, because it allows a client to submit data also through a cookie.

Hiya spyros.lois, Try ....

insert.php
_______________________________________

    <?php
    $id = $_POST['id'];
    $manufacturer = $_POST['manufacturer'];
    $transferrate = $_POST['transferrate'];
    $cache = $_POST['cache'];
    $size = $_POST['size'];
    $RPM = $_POST['RPM'];
    $use = $_POST['use'];
    $price = $_POST['price'];
    $seller = $_POST['seller'];
    $detail = $_POST['detail'];




$sql="INSERT INTO hdd(id, manufacturer,transferrate,cache,size,RPM,use,price,seller,detail)
VALUES
($id,'$manufacturer','$transferrate','$cache','$size','$RPM','$use','$price','$seller','$detail')";

    if (!mysqli_query($con,$sql))
    {
    die('Error: ' . mysqli_error($con));
    }
    echo $sql; /*DEBUG the insert string */
    echo "1 record added";
    mysqli_close($con);
?>

@KingGold

You've ignored the two posts above yours - the reserved keyword use was entered into his SQL query; you've also done the same thing in your response therefore it still wouldn't work..?

commented: The 2 above comments weren't there when I orignally posted. +0
Member Avatar

@KIngGold - you should never do this. All the input data is unsanitized, leaving the OP open to sql injection. As you're using mysqli, you should use parameterized queries. Check out the php.net manual on this.