Insert into MySQL Table PHP

Question

I am having some trouble making a simple form to insert data into a MySQL table. I keep getting this SQL error:

\"Error: You have an error in your SQL

Answer 1

try this

you should not use quotes of parameter around POST . and you should use them inside POST

       $sql = "INSERT INTO `current stock` (ItemNumber, Stock)
           VALUES
         ('".$_POST['ItemNumber']."', '".$_POST['Stock']."' )";

you should escape your variables before you insert them to mysql like that

• Note that the example does not call mysqli_real_escape_string. You would only need to use mysqli_real_escape_string if you were embedding the string directly in the query, but I would advise you to never do this. Always use parameters whenever possible.