SQL Syntax Error (Server version: 5.6.17 - MySQL)

Question

Could you guys please tell me what is missing on this code. because i get SQL Syntax Error.

i have created table with three colums. ID is auto incriminating and Ima

Answer 1

You are trying to insert the value '$img_name' as Name and not img_name content. Try the following:

 $query  = mysqli_query($Con, "INSERT INTO `cars_tbl` (ID,Name,Image) VALUES ('','" . $img_name . "','" . $image . "')");

Answer 2

You forgot to wrap $img_name in '

$query = mysqli_query($Con, "INSERT INTO `cars_tbl` (ID, Name, Image) VALUES ('', '$img_name', '$image')");

Answer 3

The problem is you are saving apparently blob into the database without escaping it.

You must realize what happens in your command: The image data - which can also contain ' because it is binary - invalidates your SQL command.

The correct way how to save it:

1)

Either with prepared statements

2)

mysqli_query($Con, "INSERT INTO `cars_tbl` (ID, Name, Image)
   VALUES ('', '$img_name', '".mysqli_escape_string($image)."')");

I would prefer Prepared Statements. The other question is why you set ID to an empty string.