$sSql = "INSERT INTO comments
( post_id,name, email, website,content)
VALUES (".$_POST[postid]",'".$_POST[name]"', '".$_POST[email]"', '"$_POST[website]"', '"$_POST[content]"')";
I am getting the following error. Can anyone help to fix this? Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in your code
Error was in string concatenation: missing . and array missing quotes
$sSql = "INSERT INTO comments
( post_id,name, email, website,content)
VALUES (".$_POST['postid'].",'".$_POST['name']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['content']."')";
Use mysql_escape_string to avoid SQL injection and best way to avoid SQL injection.
You need to wrap with two periods. .$_POST[postid].
Also, make sure you are escaping your $_POST parameters, as they may be subject to SQL injection.
$_POST should be used as an associative array. So the keys should be in quotes: $_POST['key']
Your strings aren't concatenated properly; you are missing some . before and after some $_POST[]
It's because you forgot some dots - unexpected strings are starting in your query.
$sSql = "INSERT INTO comments
( post_id,name, email, website,content)
VALUES (".$_POST['postid'].",'".$_POST['name']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['content']."')";
Please escape user inputs before putting them into the database. And take care of the array keys: it works without setting them into '' because PHP takes them as constants, can't find a defined constant of this name, and assumes that this has to be a string. Unnecessary.
Please use this. You forgot quotes and dots.
$sSql = "INSERT INTO comments ( post_id,name, email, website,content) VALUES (".$_POST['postid'].",'".$_POST['name']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['content']."')";
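Several answers above advise escaping the $_POST values. As an added example (not code from any answer on this page), here is the same INSERT written with PDO prepared statements, so quotes in the input are bound as data and never concatenated into the SQL text. The in-memory SQLite database, the table definition, the insertComment helper and the sample $post array are assumptions made so the script runs stand-alone; the mysql_* functions were removed in PHP 7.0, so this form is also the one that works on current PHP.

```php
<?php
// Added example: parameterized INSERT for the comments table from the question.
// Assumption: in-memory SQLite so the script runs offline; for MySQL change the
// DSN and also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY, post_id INTEGER NOT NULL,
    name TEXT, email TEXT, website TEXT, content TEXT)');

// Constructed sample standing in for $_POST. The quotes in name and content
// would break (or alter) the concatenated query from the answers.
$post = [
    'postid'  => '42',
    'name'    => "O'Brien",
    'email'   => 'obrien@example.com',
    'website' => 'https://example.com',
    'content' => "It's broken', 'x'); -- still just text",
];

// Hypothetical helper: validates the numeric field, binds everything else.
function insertComment(PDO $pdo, array $in): int
{
    // post_id is unquoted in the original query, so quote escaping would not
    // protect it: require a real integer before it goes anywhere near SQL.
    $postId = filter_var($in['postid'] ?? null, FILTER_VALIDATE_INT);
    if ($postId === false) {
        throw new InvalidArgumentException('postid must be an integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO comments (post_id, name, email, website, content)
         VALUES (:post_id, :name, :email, :website, :content)'
    );
    $stmt->bindValue(':post_id', $postId, PDO::PARAM_INT);
    foreach (['name', 'email', 'website', 'content'] as $field) {
        $stmt->bindValue(":$field", (string)($in[$field] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

$id  = insertComment($pdo, $post);
$row = $pdo->query('SELECT * FROM comments WHERE id = ' . $id)->fetch(PDO::FETCH_ASSOC);
var_dump($row['content'] === $post['content']); // compare stored value with the input

try {
    insertComment($pdo, ['postid' => '42 OR 1=1'] + $post); // non-integer postid
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```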