0

I have this little bit of code here and I am totally lost as I am getting a syntax error near 'unique = 'dD0231q' LIMIT 1' at line 1. It might be something very simple, but I seem to be blind to my own errors..

 $unique = $_GET["unique"];
 $results = $mysqli->query("SELECT * FROM written WHERE unique = '$unique' LIMIT 1
Ivan Venediktov
  • 426
  • 2
  • 15

2 Answers

3

UNIQUE is a keyword in MySQL. If you want to use it as a table column name please wrap it in ` (backtick) quotes like this:

SELECT * FROM written WHERE `unique` = '$unique' LIMIT 1

Also please don't just put values you receive from a user directly into your query. That's how SQL injections happen. Rather use Prepared Statements.

Tom
  • 3,031
  • 1
  • 25
  • 33
2

UNIQUE is a MySQL reserved word: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

Either wrap the column in ticks or rename it.

SELECT * FROM written WHERE `unique` = '$unique'

The error says it all:

syntax error near 'unique


Plus, in regards to SQL injection which is something you are open to, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.


Just for argument's sake, finish it off:

$results = $mysqli->query("SELECT * FROM written WHERE `unique` = '$unique' LIMIT 1");
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
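
The prepared-statement approach both answers recommend, applied to the query from the question. This is an added example, not code from either answer; the connection parameters are placeholders and the function name `find_written` is hypothetical.

```php
<?php
// Added example; connection details below are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw mysqli_sql_exception on failure

/**
 * Look up one row of `written` by its `unique` column.
 * Returns the row as an associative array, or null when nothing matches.
 * (find_written is a hypothetical helper name.)
 */
function find_written(mysqli $mysqli, string $unique): ?array
{
    // `unique` is backtick-quoted because UNIQUE is a reserved word in MySQL.
    // The ? placeholder keeps the user-supplied value out of the SQL text.
    $stmt = $mysqli->prepare('SELECT * FROM written WHERE `unique` = ? LIMIT 1');
    $stmt->bind_param('s', $unique);            // 's' = bind as string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Reject a missing value or an array such as ?unique[]=x before touching the database.
$unique = $_GET['unique'] ?? '';
if (!is_string($unique) || $unique === '') {
    http_response_code(400);
    exit('Missing "unique" parameter');
}

$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$mysqli->set_charset('utf8mb4');

$row = find_written($mysqli, $unique);
if ($row === null) {
    http_response_code(404);
    exit('Not found');
}

// Escape on output: the row is data, not markup.
foreach ($row as $column => $value) {
    echo htmlspecialchars($column), ': ', htmlspecialchars((string) $value), "<br>\n";
}
```

With the value bound as a parameter, a request such as `?unique=x' OR '1'='1` is compared literally against the column and matches no row instead of changing the query.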