PDO Fatal Error Check Syntax

Question

For some reason I'm gettin this error on the second line of included code:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'div='CA' WHERE vid='400373'' at line 1' in /home/stretch045/public_html/scripts/auth.php:12 Stack trace: #0 /home/stretch045/public_html/scripts/auth.php(12): PDO->prepare('UPDATE users SE...') #1 /home/stretch045/public_html/index.php(35): Auth->checkToken('94257b73ea4ed51...') #2 {main} thrown in /home/stretch045/public_html/scripts/auth.php on line 12

code

$conn = $this->db;
$stmt = $conn->prepare("UPDATE users SET rating='".$xml->rating."', atc='".$xml->ratingatc."', pilot='".$xml->ratingpilot."', div='".$xml->division."' WHERE vid='".$xml->vid."'"); 
$stmt->execute();
if($stmt->rowCount()==0){
     $stmt = $conn->prepare("INSERT INTO users (vid, fname, lname, rating, atc, pilot, div) VALUES (".$xml->vid.",".$xml->firstname.",".$xml->lastname.",".$xml->rating.",".$xml->ratingatc.",".$xml->ratingpilot.",".$xml->division.")"); 
     $stmt->exec($stmt);
     echo 'data inserted into db';
}

reserved word questions are often asked; voted to close as such — Funk Forty Niner, Jul 20 '15 at 22:12
yeah @DrewPierce but an answer's been slipped in ;-) I'll post an answer for these, like 1 in 1000. I rarely do. — Funk Forty Niner, Jul 20 '15 at 22:15
@DrewPierce si signore ;-) I don't "need" the points. No quota for this guy. — Funk Forty Niner, Jul 20 '15 at 22:16

score 3 · Accepted Answer · answered Jul 20 '15 at 22:09

3

div is a reserved keyword in MySQL and needs to be escaped by backticks.

INSERT INTO users (vid, ..., `div`) VALUES (...)

answered Jul 20 '15 at 22:09

juergen d

201,996
37
293
362

PDO Fatal Error Check Syntax

1 Answers1