通过php插入mysql时出错

i'm trying to insert to database and it gave me this :

Error inserting You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 3 something wrong in Database

public function set_Animal($Name,$Gender,$Allergie,$Age,$Weight,$Type_ID,$Owner_ID,$Colour){
    $Animal_Query= "INSERT INTO animal (Name,Gender,Allergie,Age,Weight,Type_ID,Owner_ID,Colour)
                    VALUES ($Name,$Gender,$Allergie,$Age,$Weight,$Type_ID,$Owner_ID,$Colour)";
    if(mysqli_query($this->conn,$Animal_Query)) {
        return true ;
    }
    else {
        echo "Error inserting ".mysqli_error($this->conn);
        return false ;
    }
}

To make your code work, you have to enclose columns that have character data types with single quotes. However, that is suspect to SQL injection. Use prepared statements instead.

Supposing that all columns are characters except age and weight are numbers:

EDIT: Added checking if $conn->prepare was successful.

public function set_Animal ($Name,$Gender,$Allergie,$Age,$Weight,$Type_ID,$Owner_ID,$Colour){

    $Animal_Query = "INSERT INTO animal (Name,Gender,Allergie,Age,Weight,Type_ID,Owner_ID,Colour) VALUES (?,?,?,?,?,?,?,?)";

    if($stmt = $conn->prepare($Animal_Query)){
        $stmt->bind_param("sssiisss", $Name, $Gender, $Allergie,$Age,$Weight,$Type_ID,$Owner_ID,$Colour);

        if($stmt->execute())
            return true;
        else
            return false;

    } else {
        printf("Errormessage: %s
", $mysqli->error);
    }
    $stmt->close();
}

The function bind_param binds the parameters to the SQL query. The "sssiisss" argument lists the types of data that the parameters are. The s character tells mysql that the parameter is a string, while the i tells it that its a number.

The argument may be one of four types:

i : integer

d : double

s : string

b : BLOB

We should have one of these for each parameter.