
I am new to PDO and I'm just writing a test page to take $_POST data from a simple form and insert it into MySQL through a prepared statement, but I keep getting error messages. Here is the PHP:

<?php
$DBH = new PDO("mysql:host=localhost;dbname=randomDB", 'user', 'password');
$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );

// The table and column names are wrapped in single quotes here; this is
// what produces the 1064 syntax error shown below.
$newUserStmt = $DBH->prepare("INSERT INTO 'userbasicinfo' ('email', 'passHash', 'birthday', 'phoneNumber') VALUES (?, ?, ?, ?)");
// bindParam() binds by reference, so the variables may be assigned after binding.
$newUserStmt->bindParam(1, $email);
$newUserStmt->bindParam(2, $passHash);
$newUserStmt->bindParam(3, $birthday);
$newUserStmt->bindParam(4, $phoneNumber);

$email = $_POST['email'];
$passClear = $_POST['password'];
$passHash = password_hash($passClear, PASSWORD_DEFAULT);
$birthday = $_POST['birthday'];
$phoneNumber = $_POST['phone'];
$newUserStmt->execute();

$DBH = null;

And this is the warning:

Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''userbasicinfo' ('email', 'passHash', 'birthday', 'phoneNumber') VALUES ('billy@' at line 1 in C:\xampp\htdocs\test.php on line 18

steele
  • You can't quote your table name or table columns, because when you do that it expects a string. Lose the quotes or use backticks. `INSERT INTO userbasicinfo (email, passHash, birthday, phoneNumber)` (Thanks Michael). – Ben Fortune Oct 28 '13 at 13:44
  • 3
    Not just _"don't need to"_, but rather _cannot_. See http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks – Michael Berkowski Oct 28 '13 at 13:45
  • It doesn't belong to PDO, by the way – Your Common Sense Oct 28 '13 at 14:05

1 Answer

Use backticks instead of single quotation marks for table names (and column names):

$newUserStmt = $DBH->prepare("INSERT INTO `userbasicinfo` (`email`, `passHash`, `birthday`, `phoneNumber`) VALUES (?, ?, ?, ?)");

With single quotation marks your database server interprets the table name as a string.

Hecke29
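The corrected insert from the answer, written out as an added example (not the asker's or answerer's code). It assumes the same table and columns as the question and placeholder credentials; it also switches the error mode to exceptions and turns off emulated prepares, so a malformed statement fails at prepare() instead of surfacing as a warning at execute(), and it generalises the answer's point with a small quoteIdentifier() helper for the case where an identifier must be built into the SQL text.

```php
<?php
declare(strict_types=1);

// Table and column names cannot be bound through ? or :name placeholders;
// they have to be unquoted or backtick-quoted in the SQL text itself.
// Only values go through placeholders.
function quoteIdentifier(string $name): string
{
    // MySQL identifier quoting: wrap in backticks, double any embedded backtick.
    // If a name ever comes from user input, compare it against a fixed allowlist
    // first; quoting alone is not a substitute for that check.
    return '`' . str_replace('`', '``', $name) . '`';
}

function insertUser(PDO $dbh, array $post): int
{
    $sql = sprintf(
        'INSERT INTO %s (%s, %s, %s, %s) VALUES (:email, :passHash, :birthday, :phone)',
        quoteIdentifier('userbasicinfo'),
        quoteIdentifier('email'),
        quoteIdentifier('passHash'),
        quoteIdentifier('birthday'),
        quoteIdentifier('phoneNumber')
    );
    // With ERRMODE_EXCEPTION and no emulation, a syntax error such as the
    // single-quoted identifiers in the question throws here, at prepare().
    $stmt = $dbh->prepare($sql);
    $stmt->execute([
        ':email'    => $post['email'],
        ':passHash' => password_hash($post['password'], PASSWORD_DEFAULT),
        ':birthday' => $post['birthday'],
        ':phone'    => $post['phone'],
    ]);
    return $stmt->rowCount();
}

// Connection settings are placeholders (hypothetical host, database and credentials).
$dbh = new PDO(
    'mysql:host=localhost;dbname=randomDB;charset=utf8mb4',
    'user',
    'password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // let the server parse the statement
    ]
);

insertUser($dbh, $_POST);
```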