Having trouble inserting information into my database. Receiving an error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's only licensed garden.
I have looked up solutions already and followed the steps listed to solve the issue for example, putting the INSRT statement all in the one line to avoid whitespace and changing column names but having no luck. I feel like it is something I'm missing in my code. The same INSRT statement worked fine on a smaller form on my site but not for this one.
<div id="form">
<form action="sendinvite.php" method="post" class="eventform">
<fieldset id="createeventform" class="fieldset">
<legend style="color:#3b817a">Plan Details and Invite your Connections</legend>
<label>Activity Category:</label>
<input type="text" name="activity_cat" id="aname " value="<?php echo $row['activity_cat']?>"/>
</br>
<label>Activity Name:</label>
<input type="text" name="activity_name" id="aname " value="<?php echo $row['activity_name']?>"/>
</br>
<label>Activity Address:</label>
<textarea id="aaddress" name="activity_address"><?php echo $row['activity_address']?></textarea>
</br>
<label>Activity Description:</label>
<textarea id="adescription" name="activity_description"><?php echo $row['activity_description']?></textarea>
</br>
<label>Date of Activity:</label>
<input type="text" id="date" data-format="DD-MM-YYYY" data-template="D MMM YYYY" name="date"/>
</br>
<label>Time of Activity:</label>
<input type="text" id="time" data-format="HH:mm" data-template="HH : mm" name="datetime"/>
</br>
<label>Message to Invitee</label>
<textarea id="comment" name="activity_message"></textarea>
</br>
<label>Username Address to send</label>
<input type="text" id="username" name="username"/>
</br>
</br>
<input type="submit" name="addconnect" value="Send Invite"/>
</fieldset>
</form>
Above is my form and below is my php to insert into my database table called user_invites
<?php
session_start();
require_once('connect.php');
if (isset($_POST['addconnect']) && isset($_POST['activity_cat']) && isset($_POST['activity_name']) && isset($_POST['activity_address']) && isset($_POST['activity_description']) && isset($_POST['date']) && isset($_POST['datetime']) && isset($_POST['activity_message']) && isset($_POST['username']) ) {
$sql = "INSERT into `user_invites` (user_id, activity_cat, activity_name, activity_address, activity_description, date, datetime, activity_message, username) VALUES (" . $_SESSION['userSession'] . ",'" . $_POST['activity_cat'] . "','" . $_POST['activity_name'] . "','" . $_POST['activity_address'] . "','" . $_POST['activity_description'] . "','" . $_POST['date'] . "','" . $_POST['datetime'] . "','" . $_POST['activity_message'] . "','" . $_POST['username'] . "')";
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error($conn));
}
echo "<p></br>Thank you!</p>
";
mysqli_close($conn);
}
?>
PS. this code is not going live and is for project purposes only. I am aware of the SQL injection issues with the code