So I'm trying to allow a form to add data to a mySQL table. I have this form
<form name="addBook" action="addBook.php" method="post" >
ISBN: <input type="text" name="isbn"><br />
Name: <input type="text" name="name"><br />
Edition: <input type="text" name="edition"><br />
Author: <input type="text" name="author"><br />
Class: <input type="text" name="class"><br />
Department: <input type="text" name="department"><br />
Condition: <input type="text" name="condition"><br /><br />
<input type="submit" value="Add Book">
</form>
Where addBook.php is...
<?php
$con=mysqli_connect("cclloyd.com","cclloyd","","Inventory");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$isbn = mysqli_real_escape_string($con, $_POST['isbn']);
$name = mysqli_real_escape_string($con, $_POST['name']);
$edition = mysqli_real_escape_string($con, $_POST['edition']);
$author = mysqli_real_escape_string($con, $_POST['author']);
$class = mysqli_real_escape_string($con, $_POST['class']);
$department = mysqli_real_escape_string($con, $_POST['department']);
$condition = mysqli_real_escape_string($con, $_POST['condition']);
$sql="INSERT INTO Books (isbn, name, edition, author, class, department, condition)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
header('Location: http://umassd.cclloyd.com/bookadded.php' ) ;
?>
And when I executed it, I get this error. "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition) VALUES ('l', 'lk', 'l', 'k', 'j', 'h', 'h')' at line 1"
Where those were just random things I put in to fill the form. Where is the error? I looked online a lot and they all say to enter it like I have it.
