Entry Cant SubmittedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntaxto [duplicate]

Question

Error: Entry Cant SubmittedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Image') VALUES ('Nakshatra ', 'Neema', '[email protected]', '07746884...' at line 1

Code:

<?php
   global $conn;
 
   if (isset($_POST['submit'])) 
   {
    
        if (isset($_POST['FNAME']) && isset($_POST['LNAME']) && isset($_POST['MAIL']) && isset($_POST['MNUM']))
        {
            $errors = array();
            if(isset($_FILES['IMAGE']) && $_FILES['IMAGE']['error'] == 0)
            {
            
            $servername = "localhost";
            $username = "root";
            $password = "";
            $database = "data1";
            $conn = mysqli_connect($servername, $username, $password, $database);
            if(!$conn)
            {
               die('Connection did not Established');
            }
            $FirstName = $_POST['FNAME'];
            $LastName = $_POST['LNAME'];
            $Email = $_POST['MAIL'];
            $MobileNumber = $_POST['MNUM'];
            $file_name = time() . '_' . $_FILES['IMAGE']['name'];
            $file_size = $_FILES['IMAGE']['size'];
            $file_tmp = $_FILES['IMAGE']['tmp_name'];
            $file_type = $_FILES['IMAGE']['type'];
            $file_ext = pathinfo($file_name, PATHINFO_EXTENSION);
            $extensions = array("jpeg", "jpg", "png", "gif");
            
            
                if (in_array($file_ext, $extensions) === false) 
                {
                    $errors[] = "Extension not allowed, please choose a JPEG or PNG file.";
                }

                if ($file_size > 50000)
                {
                    $errors[] = 'File size must be excately 50KB';
                }

                if (empty($errors) == true)
                {
                    
                    move_uploaded_file($file_tmp, "uploads/" . $file_name);
                    $sql = "INSERT INTO `new` (`FirstName`, `LastName`, `Email`, `MobileNumber`,'Image') VALUES ('$FirstName', '$LastName', '$Email', '$MobileNumber','$file_name')";
                    $result = $conn->query($sql);
                    if($result)
                    {
                        echo "Entry is Successfully Submitted";
                    }
                    else
                    {
                        echo "Entry Cant Submitted".mysqli_error($conn);
                    }
                }
                else
                {
                    print_r($errors);
                }
            }
        }
        else
        {
            echo "All Field are Required";
            die();
        }
    }
    else
    {
        echo "Submit button is not set";
    }
?>

Answer 1

Suddenly you move away from backticks, change this:

$sql = "INSERT INTO `new` (`FirstName`, `LastName`, `Email`, `MobileNumber`,'Image') VALUES ('$FirstName', '$LastName', '$Email', '$MobileNumber','$file_name')";

To this:

$sql = "INSERT INTO `new` (`FirstName`, `LastName`, `Email`, `MobileNumber`,`Image`) VALUES ('$FirstName', '$LastName', '$Email', '$MobileNumber','$file_name')";

Note the backticks near Image.

Also, you should work on your question asking skills, check this link to see what I mean. And your code is wide open to SQL-injection, check out prepared statements here.