php - SQL syntax error: can't be found

Question

I'm new to SQL so i'm probably missing something. Apparently I have a syntax error on this line:

 $mysql = 'INSERT INTO Orders (Name, Recipient, Destination, Room, Message, Anonymous, OffCampus, OffCampusAddress) VALUES (?, ?, ?, ?, ?, ?, ?, ?)';

Could anyone help me identify what I am doing wrong? Thanks in advance

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?, ?, ?, ?, ?, ?, ?, ?)' at line 1

Here is my parameter binding:

  mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);

Answer 1

It should look like this:

 $link = mysqli_connect('localhost', 'my_user', 'my_password', 'world');
 $mysql = "INSERT INTO Orders
" + 
          "(Name, Recipient, Destination, Room, Message, Anonymous, OffCampus, OffCampusAddress)
" + 
          "VALUES
" + 
          "(?, ?, ?, ?, ?, ?, ?, ?)";
 $stmt = mysqli_prepare($link, $mysql);
 mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
 mysqli_stmt_execute($stmt);