SQL syntax error. Unable to pull from table and insert to another table

Question

I keep getting this error

Connection failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''book' where 'ISBN' = 1' at line 1

I've tried everything but I don't understand why it's not working

$sql = "select 'BookTitle' from 'book' where 'ISBN' = $ISBN";
$result = $conn->query($sql);
$booktitle = $result;

if ($conn->error) {
    die("Connection failed: " . $conn->error);
}]

And to use prepared statement, your code is vulnerable to sql injection. — Jules R, Nov 28 '18 at 11:52
try this $sql = "select BookTitle from book where ISBN = $ISBN"; — user2042214, Nov 28 '18 at 11:53

score 1 · Answer 1 · answered Nov 28 '18 at 12:04

you don't need quotes around columns you want to select or table name. Also don't forget that your code is vulnerable to sql injection. You can use prepare method to avoid this.

$sql = "select BookTitle from book where 'ISBN' = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $ISBN);
$stmt->execute();
$stmt->bind_result($result);

score 0 · Answer 2 · answered Nov 28 '18 at 11:53

$sql = "select BookTitle from book where ISBN = $ISBN";

You don't need single quotes everywhere. Columns and Table name are not php strings. Also be aware that your code is open to SQL injection so make sure you refactor it to use prepared statements.

score -1 · Answer 3 · answered Nov 28 '18 at 11:57

-1

$sql = "select BookTitle from book where ISBN = '$ISBN'";

For sure, asumming that your column is BookTitle and your table is book

answered Nov 28 '18 at 11:57

akroma

45
1
1
6

SQL syntax error. Unable to pull from table and insert to another table

3 Answers3