Good evening. I am learning PHP from the O'Reilly book "Creating Dynamic Websites ...". I am working through the book's example on working with a database. The example works only partially: queries that retrieve information run normally, but deletion of records displays an error:

`You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WREHE isbn=147258369147' at line 1`


From the command line, the queries run normally.

Code snippets:

```php
$isbn = get_post($conn, "isbn");
$query = "DELETE FROM class WREHE isbn=$isbn";
$result = $conn->query($query);
```

```php
$query = "INSERT INTO class(author, title, category, year, isbn) VALUES ('$author', '$title', '$category', '$year', '$isbn')";
$result = $conn->query($query);
```

I looked through the answers to similar questions; in almost all cases the problem was in the quotes (backquotes). In my case, adding quotes to class and isbn does not help; the error remains.

  • It should still be WHERE, not WREHE - Mike
  • 2
    As for the insert, I will only note that a book with such examples is worth throwing away. It is not clear in what year it was written, and 70% of all website hacks in the world happen because of code like this, in which values are substituted directly into the query text. Use bind variables: php.net/manual/ru/mysqli-stmt.bind-param.php - Mike
  • Understood the error, one needs to be careful. I also looked at bind variables, everything works. - Kott
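
The bind variables recommended in the comments, applied to the two queries from the question. This is an added example, not code from the book or from the posters; the connection settings, the column types of the temporary `class` table and the sample row are assumptions, and `insert_book` / `delete_book` are hypothetical helper names.

```php
<?php
// Make mysqli throw mysqli_sql_exception instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_book(mysqli $conn, string $author, string $title,
                     string $category, int $year, string $isbn): int
{
    // The SQL text is fixed; each "?" is filled by the server from a bound value.
    $stmt = $conn->prepare(
        "INSERT INTO class (author, title, category, year, isbn) VALUES (?, ?, ?, ?, ?)"
    );
    // Type string: s = string, i = integer, one letter per placeholder, in order.
    $stmt->bind_param("sssis", $author, $title, $category, $year, $isbn);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

function delete_book(mysqli $conn, string $isbn): int
{
    // The ISBN is sent as data, so it cannot change the shape of the statement.
    $stmt = $conn->prepare("DELETE FROM class WHERE isbn = ?");
    $stmt->bind_param("s", $isbn);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Placeholder connection settings (assumptions, replace with your own).
$conn = new mysqli("localhost", "example_user", "example_password", "example_db");
$conn->set_charset("utf8mb4");

// Temporary table with assumed column types; it exists only for this session.
$conn->query("CREATE TEMPORARY TABLE class (author VARCHAR(128), title VARCHAR(128),
    category VARCHAR(16), year SMALLINT, isbn CHAR(13))");

// Constructed sample row. The apostrophes would end the quoted string early if the
// values were pasted into the SQL text; as bound values they are stored unchanged.
echo insert_book($conn, "A. O'Author", "Editor's Notes", "Non-fiction", 2001, "147258369147"), "\n";
echo delete_book($conn, "147258369147"), "\n";
```

Each function returns the number of affected rows, so a caller can tell whether the ISBN matched a record.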
