
I'm trying to insert a record into my database. I keep hitting an error... I've been stalled for the past two hours. I really hope it's not a typographical error, but I also hope it is. Checking similar SO answers, I don't have connection problems, I don't appear to be using any reserved keywords, I have all permissions, and the table is definitely users:

    $username = $mysqli->real_escape_string($_POST['username']);
    $joinedOn = time();

    $insertQuery = "INSERT INTO users ('username', 'joinedon') VALUES ('$username', $joinedOn);";

    if ($mysqli->query($insertQuery)) {
        echo "success!";
    } else {
        echo $mysqli->error;
        echo '<br>';
    }

Here's the error I'm getting:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'joinedon') VALUES ('dsf', 1483411360)' at line 1

Other useful information:

Table: users
Columns (3): id INT(11) autoincrement , username VARCHAR(20) , joinedon INT(11)

The other weird thing is, the joinedon field is of type INT(11); however, inserting directly from phpMyAdmin, I am able to insert strings containing only numbers.

Govind Rai
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/) if you ever forget to properly escape something. – tadman Jan 03 '17 at 03:45
  • Read the error: **Check the manual**. Why does nobody do this? – tadman Jan 03 '17 at 03:46
  • @tadman Thanks for your comments. I'm starting those lessons tomorrow :). I had mysqli knowledge from a couple years back, just wanted to do a quick writeup... You know I have 5 years of professional T-SQL knowledge, but I confused myself by adding quotes to column names, mixing SQL and PHP and interpolation... I read the errors many times, did my research, didn't see the error in front of my eyes... it happens :) – Govind Rai Jan 03 '17 at 03:49
  • Still, I don't disagree with your comments. Have a great day! – Govind Rai Jan 03 '17 at 03:51
  • 1
    No trouble. The MySQL documentation is actually very in-depth and explains the syntax in minute detail. If you ever get an error like this, no joke, check the documentation. The order of things matters, the types of characters used to escape matter, every detail is important. Just having at it and taking wild guesses is the least productive way of solving problems. – tadman Jan 03 '17 at 04:03
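
The fix the comments point to, as an added example that is not part of the original question or comments: the column names lose their single quotes and the values go through a prepared statement with `bind_param`. The connection settings, the `insertUser` helper name and the length check are assumptions for illustration.

```php
<?php
// Added example. Connection settings are placeholders; the table is the one in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

// insertUser is a hypothetical helper name.
function insertUser(mysqli $db, string $username): int
{
    // username is VARCHAR(20): reject instead of relying on server-side truncation.
    // mb_strlen assumes the mbstring extension is loaded.
    if ($username === '' || mb_strlen($username, 'UTF-8') > 20) {
        throw new InvalidArgumentException('username must be 1-20 characters');
    }

    // Identifiers are bare or backtick-quoted in MySQL. Single quotes create
    // string literals, which is what produced the syntax error in the question.
    $stmt = $db->prepare('INSERT INTO `users` (`username`, `joinedon`) VALUES (?, ?)');

    $joinedOn = time();
    // 'si': first placeholder is sent as a string, second as an integer.
    $stmt->bind_param('si', $username, $joinedOn);
    $stmt->execute();

    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

try {
    $db = new mysqli(
        getenv('DB_HOST') ?: 'localhost',
        getenv('DB_USER') ?: 'app_user', // placeholder
        getenv('DB_PASS') ?: '',
        getenv('DB_NAME') ?: 'app_db'    // placeholder
    );
    $db->set_charset('utf8mb4');

    // A crafted request can send username[]=x, so accept only a string.
    $raw = $_POST['username'] ?? '';
    $id = insertUser($db, is_string($raw) ? $raw : '');
    echo 'success! new id: ' . $id;
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
} catch (mysqli_sql_exception $e) {
    // Keep the SQL error in the server log rather than echoing it to the client.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Could not save the user.';
}
```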
