PDO prepare insert values

Question

I try to insert the data from my form (createBuilder) into my Database, using PDO and a custom prepare request:

public function createUser($data)
{
    $connect = $this->connectBDD();

    $rq = " INSERT INTO user (email, password, firstname, lastname, salt, role, addf, addl)
            VALUES (:email, :password, :firstname, :lastname, :salt, :role, NULL, NULL)";

    $t  = $connect->prepare($rq);
    $t->execute([
        ':email'     => $data["email"],
        ':password'  => $data["plainPassword"],
        ':firstname' => $data["firstname"],
        ':lastname'  => $data["lastname"],
        ':salt'      => $data["salt"],
        ':role'      => 'ROLE_USER'
    ]);

    return true;
}

But I get the following error:

SQLSTATE[42601]: Syntax error: 7 ERREUR: erreur de syntaxe sur ou près de « user » LINE 1: INSERT INTO user (email, password, firstname, lastname, sal... ^

Is this because of the two 'NULL' last values ? I don't think so because if I add 2 more variables into my array, I still get the error...

Thanks for help

Answer 1

':email' is a string with the characters : , e , m , etc... :email (WITHOUT the ' ) is a placeholder.

Placeholders should never be quoted - quoting them turns into not-placeholders.

$sql = "... VALUES(:email, :password, :firstname,  etc...";