You have an error in your SQL syntax; check the manual that corresponds to your mariadb server

Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named “SQL injection“, it is dangerous for your database and error …