Fatal error: Uncaught exception 'PDOException' thrown in C:\xampp\htdocs\register.php on line 19

Question

I have received:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '5538ac14bb2ca7514f9f4d8826f3c45e'')' at line 1' in C:\\xampp\\htdocs\\register.php:19 Stack trace: #0 C:\\xampp\\htdocs\\register.php(19): PDO->exec('insert into use...') #1 {main} thrown in C:\\xampp\\htdocs\\register.php on line 19.

How can this be solved, like what should be done?

<?php
    session_start();

    // If the form has been submitted

    if (isset($_POST['submitted'])){

        // Create a database connection

        $db = new PDO("mysql:dbname=johnsoa7_db;host=localhost", "root", "");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Get and sanitise the inputs, we don't need to do
        // this with the password as we hash it anyway

        $safe_forename = $db->quote($_POST['forename']);
        $safe_lastname = $db->quote($_POST['lastname']);
        $safe_email = $db->quote($_POST['email']);
        $hashed_password = $db->quote(md5($_POST['password']));

        // Insert the entry into the database

        $query = "insert into users values (default, $safe_forename, $safe_lastname, $safe_email, '$hashed_password')";

        $db->exec($query);

        // Get the ID

        $id = $db->lastInsertId();

        // Output success or the errors

        echo "Congratulations! You are now registered. Your ID is: $id";
    }
?>

Answer 1

You have an error in this line:

$query = "insert into users values (default, $safe_forename, $safe_lastname, $safe_email,'$hashed_password')";

default should be quoted if it is string.

If it is a variable, you missed $ .

Please see the comment by @ceejayoz:

As he said you don't need quoted around $hashed_password...