Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's Sneakers','37')' at line 2 in C:\xampp\htdocs\vier\app\add\tambah_data.php:10 Stack trace: #0 C:\xampp\htdocs\vier\app\add\tambah_data.php(10): mysqli_query(Object(mysqli), 'INSERT INTO dat...') #1 {main} thrown in C:\xampp\htdocs\vier\app\add\tambah_data.php on line 10

<?php
include('../../conf/config.php');
$nama = $_GET['nama'];
$alamat = $_GET['alamat'];
$no_Hp = $_GET['no_Hp'];
$produk = $_GET['produk'];
$ukuran = $_GET['ukuran'];
$harga = $_GET['harga'];
$query = mysqli_query($koneksi, "INSERT INTO data_pelanggan (Id,Nama_Pelanggan,Alamat,No_Hp,Nama_Produk,Ukuran) VALUES('','$nama','$alamat','$no_Hp''$produk','$ukuran')");
header('Location:../index.php?page=data-penjualan');
?>

CodePudding user response：

I have checked your code and there is less coma. For extra, have you checked the column field data type? Seems the $harga should be a number instead of a string

$query = mysqli_query($koneksi, "INSERT INTO data_pelanggan (Id,Nama_Pelanggan,Alamat,No_Hp,Nama_Produk,Ukuran) VALUES('','$nama','$alamat','$no_Hp','$produk',$ukuran)");

CodePudding user response：

Due to security reasons you should use prepared statements. In the code snippet beneath I assume you want to insert strings. If you want to insert integers you have to replace the "s" with an "i" at the right position:

<?php
include('../../conf/config.php');
$nama = $_GET['nama'];
$alamat = $_GET['alamat'];
$no_Hp = $_GET['no_Hp'];
$produk = $_GET['produk'];
$ukuran = $_GET['ukuran'];
$harga = $_GET['harga'];
$stmt = $koneksi->prepare("INSERT INTO `data_pelanggan` VALUES(Id,?,?,?,?,?)");
$stmt->bind_param("sssss",$nama, $alamat, $no_Hp, $produk, $ukuran);
$stmt->execute();
$stmt->insert_id;
$stmt->close();
$koneksi->close();  

header('Location:../index.php?page=data-penjualan');
?>