I am trying to make a sign up page using php and then when I write the mysql statements below it won't accept it rather it will spit out an error which I am trying to figure out for hours now.
$query = "INSERT INTO users(username, password,name,surname,email,role)VALUES($username, $password,$name,$lastname,$email,$role)";
$stmt = mysqli_prepare ($dbh, $query) or die(mysqli_error($dbh));
The error that shows is:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@hotmail.com,Employee)' at line 1.
Make sure you use proper quotes if you insert strings:
$query = "INSERT INTO users(username, password,name,surname,email,role)VALUES('$username', '$password','$name','$lastname','$email','$role')";
Nevertheless you should avoid variables in statements in favor of prepared statements using placeholders. See https://stackoverflow.com/a/7537500/1782738 .