Hola, he empezado con PDO y al insertar un valor para que no realizen inyecciones SQL en la sentencia utilizo $connection->quote($_POST['user'] pero me da el siguiente error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Mensaje enviado desde el input'', 'password')' at line 1' in C:\xampp\htdocs\index.php:5 Stack trace: #0 C:\xampp\htdocs\index.php(5): PDO->exec('INSERT INTO use...') #1 {main} thrown in C:\xampp\htdocs\index.php on line 5
Código PHP:
Ver original<?php
if(isset($_POST['submit'])){ $connection = new PDO("mysql:host=localhost;dbname=PDO","root","");
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$result = $connection->exec("INSERT INTO user(id,username,password) VALUES ('', '".$connection->quote($_POST['user'])."', 'password')"); }
?>
<form action="" method="post">
<input name="user">
<input name="submit" type="submit">
</form>
He buscado en google pero no encontre nada