Through the prompt method ,i'm taking the name of the person to create a table .The method is working and the name is being parsed by the php script .But no matter what ,the table is not getting created and getting the following
ERROR: Could not able to execute CREATE TABLE kat (Item VARCHAR(50) , Quantity INTEGER, Price REAL).
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'kat (Item VARCHAR(' at line 1 "
echo("<script type='text/javascript'> var answer = prompt('Enter name'); </script>");
$na= "<script type='text/javascript'> document.write(answer); </script>";
$sql = "CREATE TABLE $na (Item VARCHAR(50) , Quantity INTEGER, Price REAL)";
if(mysqli_query($conn, $sql)){
echo "Table created successfully.";}
else {
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
add your connection into $con.
The problem is that you are sending the following as the name of the table (expansion of $na):
<script type='text/javascript'> document.write(answer); </script> which shows as kat in your error message in the browser, but in reality is it is the Javascript code above, which produces an invalid SQL statement. $na should be set to something you send to the web server via GET or POST, which will be available in the $_GET, $_POST, or $_REQUEST variables, or in the php://input stream if you send it in the body of the POST request, e.g. as JSON. Another issue, but nevertheless worth mentioning - make sure to sanitize the user input to avoid the possibility of SQL-injection.
So, for example, have a POST form with a field answer that you send to the server, and then $na = mysqli_escape_string($_POST["answer"]); followed by $sql = "create table `$na` (Item VARCHAR(50) , Quantity INTEGER, Price REAL)"; and the rest of your code.