MySQL syntax error (using with PHP)

Question

I'm getting a MySQL syntax error on the following code:

$addcompany = mysql_query("INSERT INTO company (method, category, email, password,   
companyname, phone, address, state, zip, ratingcount, ratingscore, usage, date)
VALUES ('$method','$category','$email','$temp_encrypted_password',
'$companyname','$phone','$address','$state','$zip','0','0','0',CURDATE()) ")
or die(mysql_error());

So the statement dies. MySQL error tells me:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'usage, date) VALUES 
('referral','referral','email@gmail.com','d90ccafeea7983' at line 1

I've checked my table and all the column names are correct and there doesn't seem to be any confliction with what I am trying to insert vs what is allowed to be entered into the column.

So I'm pretty annoyed at this point that I can't figure out what must be a simple error. Annoyed enough that hopefully somebody here can point it out to my right quick.

Thanks for your time

Answer 1

usage是保留字 ，必须使用反引号将其转义。

... ratingscore, `usage`, date) ...

Answer 2

Try putting backticks around your fieldnames: `fieldname1`, `fieldname2`. This prevents mysql keywords from being taken as reserved keyword.

Additionally, you should filter your userinput. But this is not relevant to your question. Just a hint for safety. ;-)

Answer 3

try this

(method, category, email, password,   
companyname, phone, address, state, zip, ratingcount, ratingscore, \usage\, date)

you cant use 'usage' directly as its reserved word