-2

The following MySQL statement reports incorrect SQL syntax when run by PHP but I can't find any obvious mistakes in it.

"INSERT INTO {$UserTable} (username, password, email, salt) VALUES ({$Username}, {$Password}, {$Email}, {$Salt});"

I added a few debug functions to my script in order to see what the issue is, but yet to notice the issue.

Final Query

INSERT INTO users (username, password, email, salt) VALUES (TestUser, ea55336ae722b176a64eff46bbf7eeb0f5053a04f5e94670d719656dc496a8a754dd3e36ead83459020021526747b0a9fc82c397a40699e64f37ad2460a61067, TestEmail, EWEQPVVWIGX);

Error message

Unknown column 'TestUser' in 'field list'
Taryn
  • 242,637
  • 56
  • 362
  • 405
Ryan
  • 957
  • 5
  • 16
  • 34
  • 1
    @YourCommonSense: Almost, but the description of using PDO is woefully inadequate, as well as being almost a footnote. Plus pretending that the answers are "wrong" is childish at best, lying at worst. At 61k you should know better. – Lightness Races in Orbit Jul 21 '13 at 20:16

3 Answers3

2

Wrap the individual values with single quotes.

 "INSERT INTO {$UserTable} (username, password, email, salt) VALUES ('{$Username}', '{$Password}', '{$Email}', '{$Salt}');"
Abhishek Kannan
  • 988
  • 8
  • 16
1

Final Query should be

INSERT INTO users (username, password, email, salt) 
VALUES ('TestUser', 'ea55336ae722b176a64eff46bbf7eeb0f5053a04f5e94670d719656dc496a8a754dd3e36ead83459020021526747b0a9fc82c397a40699e64f37ad2460a61067','TestEmail', 'EWEQPVVWIGX');
Yogesh Suthar
  • 30,424
  • 18
  • 72
  • 100
Timothy Zhang
  • 21
  • 2
0

You need to add single quotes around all strings of characters

xonorageous
  • 2,281
  • 7
  • 26
  • 35