I have this code to send the data of 3 input fields for an id-number and 2 dates (2 selectors, one text field) to my database. All 3 columns are VARCHAR. I am using a form with method POST.
I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 336
I do not have 336 lines in any of my files.
This is what PHP and SQL code I have in my file. I've been going through it for a long while now but can't seem to find where this syntax error lies. Any ideas?
<?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];
//Create DB object
$db = new Database();
//Create query to fetch personel
$query = "SELECT * FROM funktionar";
//Run above query
$personel = $db->select($query);
//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;
//Run above query
$konsert = $db->select($query);
if(isset($_POST['submit'])) {
//Assign variables
$namn = mysqli_real_escape_string($db->link, $_POST['personalID']);
$tidStart = mysqli_real_escape_string($db->link, $_POST['tidStart']);
$tidSlut = mysqli_real_escape_string($db->link, $_POST['tidSlut']);
//Simple validation
if($namn == '' || $tidStart == '' || $tidSlut == ''){
//Set error if any field is left empty
$error = 'Vänligen fyll i alla fält.';
} else {
$query = "INSERT INTO sakerhet
(personalID, tidStart, tidSlut)
VALUES ('$namn', '$tidStart', '$tidSlut')";
$insert_row = $db->insert($query);
}
}
?>
EDIT: Have added the insert function:
public function insert($query) {
$insert_row = $this->link->query($query) or die($this->link->error.__LINE__);
//Validate insert
if($insert_row) {
header("Location: index.php?msg=".urlencode('Record Added'));
exit();
} else {
die('Error : ('.$this->link->errno .') '.$this->link->error);
}
}