syntax error with prepared statements mysql/php

Question

Been messing around with this since last night at no avail.

createOrder($website,(int)$nVotes,(int)$timeframe,$loggedInUser->email,$server,(int)$start,$referer);

var_dumping these variables shows (earlier):

string(2) "web1" string(2) "10" string(2) "10" string(23) "myemail@gmail.com" string(8) "myserver" int(1423063633) string(17) "http://google.com"

and the function where there seems to be a problem is:

function createOrder($website,$votes,$timeframe,$user,$server,$start,$referer)
{
    global $mysqli,$db_table_prefix;
    $time = time();
    $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."orders (
        serverId,
        orderUser,
        targetUrl,
        nVotes,
        timeframe,
        referer,
        starting
        )
        VALUES (
        ?,
        ?,
        ?,
        ?,
        ?,
        ?,
        ?
        )");
    file_put_contents("error.log", $mysqli->errno . $mysqli->error );
    $stmt->bind_param("sssiisi", $server, $user, $website, $votes, $timeframe, $referer, $start);
    file_put_contents("error1.log", $stmt->errno . $stmt->error );
    $stmt->execute();
    file_put_contents("error1.log", $stmt->errno . $stmt->error );
    $stmt->close(); 

nginx.error.log blames the bind_param

"PHP message: PHP Fatal error: Call to a member function bind_param() on a non-object in funcs.php on line 1223

error.log blames a syntax error

(check the manual) for the syntax to use near 'starting

  )
                VALUES (
                ?,
                ?,
                ?,
                ?,
                ?,
                ?,
                ?
                )' at line 8

Answer 1

The issue is starting is a reserved word in MySQL, and you're using it as a field name. You should wrap it in backticks:

    serverId,
    orderUser,
    targetUrl,
    nVotes,
    timeframe,
    referer,
    `starting`