Error in SQL syntax when I try a query
Question
i've a big (and stupid) problem with a simple sql insert to query (mysqli), i've already used this format without errors, but now didn't work..
please help me find the problem..
//Get admin form details
$a_user = $_POST["a_user"];
$a_pass = $_POST["a_pass"];
$a_pin = $_POST["a_pin"];
if($a_user == "$admin_username" && $a_pass == "$admin_password" && $a_pin == "$admin_pin"):
$keygen = md5(microtime().rand());
$mysqli->query("INSERT INTO keys (keygen) VALUES ('$keygen')") or die(mysqli_error($mysqli));
$mysqli->close;
else:
header("Location: ?page=admin&error=1");
endif;
Here is the error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'keys (keygen) VALUES ('85faa7f618e433819d7e5ca57076377c')' at line 1
1 answers
solution1
6 ACCPTED 2014-09-19 10:35:15
keys is MySQL reserved word http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Either wrap it in backticks or use another name for it.
INSERT INTO `keys`
Sidenote:
MD5 is old and considered broken if you're intending on using it for password purposes.
Use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.