This question already has an answer here:
- mysqli insert error incorrect syntax 1 answer
- How can I prevent SQL injection in PHP? 28 answers
I am creating a newsletter system in PHP. Everything works fine, but a problem occurs when I try to compose a newsletter using the TinyMCE WYSIWYG editor: it corrupts the SQL query and gives this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'book antiqua', palatino, serif;">Hello every one this is my newsletter system
This is my insertion query:
<?php
include '../database/connection.php';
$subject=$_POST['subject'];
$message=$_POST['message'];
$update=mysqli_query($con,"UPDATE `letters` SET `subject` = '$subject' ,`content` = '$message' WHERE `letters`.`id` = $id
")or die(mysqli_error($con)) ;
?>
And this is the HTML form:
<form action="" method="post">
<div class="form-group">
<input type="text" class="form-control" name="subject" value="<?php echo $news_title?>">
</div>
<div class="form-group">
<textarea class="form-control" id="mytextarea(tinymce id )" name="message" ><?php echo $news_msg?></textarea>
</div>
<button type="submit" name="submit" class="btn btn-primary btn-block">Draft The Newsletter</button>
</form>
</div>
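The error text begins at `book antiqua'`, which shows that the single quote in the TinyMCE-generated `font-family` value ended the `'$message'` string literal early. The following is an added example, not part of the original post, of the same UPDATE written as a mysqli prepared statement. It assumes `connection.php` defines `$con` as a mysqli connection and that the letter id arrives in a hypothetical POST field named `id`.

```php
<?php
// Added example, not the asker's code: the same UPDATE with bound parameters.
// Assumptions: connection.php defines $con (mysqli connection); the letter id
// is sent in a hypothetical POST field named "id".
include '../database/connection.php';

// Have mysqli throw exceptions on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$subject = $_POST['subject'] ?? '';
$message = $_POST['message'] ?? '';   // TinyMCE HTML; may contain ' and "
$id      = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);

if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid letter id');
}

try {
    // Placeholders keep the data out of the SQL text, so a quote inside the
    // HTML (such as font-family: 'book antiqua') cannot end the string
    // literal or alter the statement.
    $stmt = mysqli_prepare(
        $con,
        'UPDATE `letters` SET `subject` = ?, `content` = ? WHERE `id` = ?'
    );
    // 's' = string, 'i' = integer, in placeholder order.
    mysqli_stmt_bind_param($stmt, 'ssi', $subject, $message, $id);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    // Keep database error details in the server log, not in the response.
    error_log('Newsletter update failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not save the newsletter');
}

echo $changed === 1 ? 'Newsletter saved' : 'No changes made';
?>
```

The values echoed back into the form (`$news_title`, `$news_msg`) are a separate output context and should pass through `htmlspecialchars()` with `ENT_QUOTES` before being printed.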