As previously suggested, I'm using JINPUT with Joomla to submit data into a SQL table I have prepared. When the submit button is pressed I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Test,hgrhsghf,,Minor,In Progress)' at line 3 SQL=INSERT INTO
tud_website_issues(userid,rdate,description,area,subsection,urgency,status) VALUES (488,,Test,hgrhsghf,,Minor,In Progress)
I'm unsure what the exact issue and I've tried looking up the error but can't find the issue. Here is my main code:
<?php
$jinput = JFactory::getApplication()->input;
if(isset($_POST['submitrepair'])) {
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$user = JFactory::getUser();
$userID = $user->get( 'id' );
$date = getdate("d/m/Y");
$description = $jinput->get('description', null , null);
$section = $jinput->get('subsection', null , null);
$subsection = $jinput->get('area', null , null);
$urgency = $jinput->get('urgency', null , null);
$status = "In Progress";
$columns = array('userid', 'rdate', 'description', 'area', 'subsection', 'urgency', 'status');
$values = array($userID, $date, $description, $section, $subsection, $urgency, $status);
$query
->insert($db->quoteName('#__website_issues'))
->columns($db->quoteName($columns))
->values(implode(',', $values));
$db->setQuery($query);
$db->execute();
echo "Issue Successfully Reported!";
}
echo "<table style='text-align:center;text-align:center;margin-left:41%;'>";
echo "<tr><td><h4>Report Website Issue</h4></td></tr>";
echo "<tr><td><form method='post'><select name='area' onchange='this.form.submit()'>
<option value=''>Select Website Area</option>
<option value='General'>General</option>
<option value='Emails'>Emails</option>
<option value='Education'>Education</option>
<option value='Reviews'>Reviews</option>
<option value='Store'>Store</option>
<option value='Toolkit'>Toolkit</option>
<option value='Membership'>Membership</option>
<option value='Other'>Other</option>
</select></form>
</td></tr>";
echo "<form method='post'>";
$selected = $jinput->get('area', null, null);
echo "<tr><td><h5><center>Current Area Selected: $selected</center></tr></td></h5>";
if($selected == 'General') {
echo "<tr><td><input type='text' name='subsection' placeholder='Subsection'></td></tr> ";
}
else if($_POST['area'] == 'Emails') {
echo "<tr><td><select name='subsection'>
<option value=''>Select Email System</option>
<option value='Notification'>Notifications</option>
<option value='Newsletter'>Newsletter</option>
<option value='Store'>Store Emails</option>
</select></td></tr>";
}
else if($selected == 'Education') {
echo "<tr><td><select name='subsection'>
<option value=''>Select Subsection</option>
<option value='Lighting'>Lighting</option>
<option value='Sound'>Sound</option>
<option value='Rigging'>Rigging</option>
<option value='StageManagement'>Stage Management</option>
<option value='ConsoleTraining'>Console Training</option>
<option value='Tips'>Tips</option>
</select></td></tr>";
}
else if($selected == 'Reviews') {
echo "<tr><td><input type='text' name='subsection' placeholder='Specific Review'></td></tr> ";
}
else if($selected == 'Toolkit') {
echo "<tr><td><input type='text' name='subsection' placeholder='Specific Tool'></td></tr> ";
}
else if($selected == 'Membership') {
echo "<tr><td><select name='subsection'>
<option value=''>Select Membership Plan</option>
<option value='Member'>Member</option>
<option value='Student'>Student</option>
<option value='Educator'>Educator</option>
</select></td></tr>";
}
else if($selected == 'Other') {
echo "<tr><td><input type='text' name='subsection' placeholder='Subsection'></td></tr> ";
}
echo "<tr><td><select name='urgency'>
<option value=''>Select Urgency</option>
<option value='Minor'>Minor</option>
<option value='Serious'>Serious</option>
<option value='Urgent'>Urgent</option>
</select></td></tr>";
echo "<tr><td><textarea rows='6' cols='50' name='description' placeholder='Please Describe The Issue'></textarea></td></tr>";
// Submit
echo "<tr><td><input type='submit' name='submitrepair' value='Submit Issue'>";
echo "</form></table><hr>";
Any idea how to fix this? Thanks in advanced.
Use $db->quote in your value array
$values = array($userID, $db->quote($date), $db->quote($description), $db->quote($section), $db->quote($subsection), $db->quote($urgency), $db->quote($status));