Trying to create a simple PHP MySql insert form that inserts an email address and random ten digit code and it keeps returning:
Please check email Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' NcB44PeYbI)' at line 1
NcB44PeYbI is obviously the random code generated.
function generateRandomString($length = 10) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
$con=mysqli_connect("localhost","username","password","dbname");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$email = mysqli_real_escape_string($_POST['email']);
$acticode = generateRandomString();
$sql="INSERT INTO xActivate (EMAIL_ADDRESS, ACTIVATION_CODE) VALUES ($email, $acticode)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
Thanks for your assistance!
