执行mysqli_query时出现SQL语法错误

Question

I have an PHP registration script with MySQLi and OOP. But i get an mysql syntax error when executing an query.

 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-mail, ip_register, ip_lastlogin, lastlogin) VALUES ('', Aarivex, ******, ****' at line 1

PHP Code:

$register_sql = "INSERT INTO users (id, username, password, pin, e-mail, ip_register, ip_lastlogin, lastlogin) VALUES ('', $username, $password, $pin, $email, $ip, $ip, $lastlogin)";

Wheres the problem?

Answer 1

...for the right syntax to use near '-mail  
SQL's telling you where error starts ^ the offending character 

You need to wrap/encapsulate the e-mail column in backticks since it contains a hyphen.

SQL figures you want to do math which translates to: e minus mail

Plus, missing quotes in your values

$register_sql = "INSERT INTO users (id, username, password, pin, `e-mail`, ip_register, ip_lastlogin, lastlogin) VALUES ('', '$username', '$password', '$pin', '$email', '$ip', '$ip', '$lastlogin')";

Those are strings and must be inside quotes.

• Another option would be to rename your column to e_mail using an underscore as you did for some of the other columns. That way, you would not need to use backticks.

---

Look into using one of the following also:

• Prepared statements

• PDO with prepared statements .

---

Having used or die(mysqli_error($con)) to mysqli_query() would have signaled the error(s).

$con being your DB connection, this could/stand to be different than yours.

• Adjust accordingly.

---

Identifiers (table/columns)

• More on this topic: http://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html

---

Tip:

Try and avoid using hyphens, or spaces or any other character that SQL may complain about, this includes using a space in between words.

Ie:

INSERT INTO your_table (column 1, column-2) <= will cause/throw an error

you would need to use backticks:

INSERT INTO your_table (`column 1`, `column-2`) <= correct / valid

Although spaces are allowed ( yet discouraged ), they too need to be encapsulated in backticks.

Answer 2

If you're going to have a dash in a column identifier (which is a bad idea) you must wrap it in ticks. Otherwise you are subtracting the value of the mail column from the e column which not not valid in an INSERT statement.

You're also missing quotes around your string values.

$register_sql = "INSERT INTO users (id, username, password, pin, `e-mail`, ip_register, ip_lastlogin, lastlogin) VALUES ('', '$username', '$password', '$pin', '$email', '$ip', '$ip', '$lastlogin')";

Answer 3

尝试将电子邮件字段名称更改为电子邮件，或者您需要用反引号将字段名称包含在内，如下所示：

`e-mail`

Answer 4

I suppose your id is set to Auto Increment . If it is just remove the first column from the insert statement and it should work fine.

$register_sql = "INSERT INTO users (username, password, pin, e-mail, ip_register, ip_lastlogin, lastlogin) VALUES ($username, $password, $pin, $email, $ip, $ip, $lastlogin)";

And yes, change the e-mail field to `e-mail`.