I am making an order form using PHP that sends to my database but I am getting this error when I submit it:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'case, casel, processor) VALUES ('case1', 'casel1', 'processor1')' at line 1
here's my code
index.php:
<Form name ="pc" Method ="Post" ACTION ="cart.php">
<Input type = 'Radio' Name ='case' value= 'case1' />Case 1 <br />
<Input type = 'Radio' Name ='case' value= 'case2' />Case 2 <br />
<Input type = 'Radio' Name ='case' value= 'case3' />Case 3 <br /><br />
<Input type = 'Radio' Name ='casel' value= 'casel1' />Red<br />
<Input type = 'Radio' Name ='casel' value= 'casel2' />Green <br /><br />
<Input type = 'Radio' Name ='processor' value= 'processor1' />Intel® Core™ i3 4130 3,4 GHz<br />
<Input type = 'Radio' Name ='processor' value= 'processor2' />Intel® Core™ i5 4670K 3.40 Ghz <br />
<Input type = 'Radio' Name ='processor' value= 'processor3' />Intel® Core™ i7 4770K 3.5 GHz <br />
<Input type = 'submit' Name ='submit' value= 'Submit' ><br />
</FORM>
cart.php
<?php
include("config.php");
if ( isset( $_POST['case'] ) && isset( $_POST['casel'] ) && isset( $_POST['processor'] ) ) {
$case = mysqli_real_escape_string($mysqli, $_POST['case']);
$casel = mysqli_real_escape_string($mysqli, $_POST['casel']);
$processor = mysqli_real_escape_string($mysqli, $_POST['processor']);
$sql="INSERT INTO products (case, casel, processor)
VALUES ('$case', '$casel', '$processor')";
if (!mysqli_query($mysqli,$sql)) {
die('Error: ' . mysqli_error($mysqli));
}
echo "1 record added";
} else {
echo "You didn't choose all the options! No record was added. Please choose one option from each category";
}
?>