Syntax error or access violation: 1064 [duplicate] - php

This question already has answers here:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax — PHP — PDO [duplicate]
(4 answers)
Closed 8 years ago.
So here's my problem: I get this error
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key) VALUES ('email#email' , '6b7d4d69e7595943da5bfb5723ceb3ef2e559275')' at line 1' in /Users/matt/Desktop/Likes/forgot/f.php on line 39
When trying to run this code
$gen = $con->prepare("INSERT INTO reset (user, key) VALUES (:user , :key)");
$gen->bindValue(':user', $username, PDO::PARAM_STR);
$gen->bindValue(':key', $token, PDO::PARAM_STR);
$gen->execute();
Any ideas? I'm binding both values so I'm not sure what's wrong. I've also gone over and checked for syntax errors, but couldn't find any.

That's because key is a reserved word. You'll either need to add backticks or choose a different name. You can look at all the reserved words here. So this is what your final code should look like
$gen = $con->prepare("INSERT INTO reset (user, `key`) VALUES (:user , :key)");
$gen->bindValue(':user', $username, PDO::PARAM_STR);
$gen->bindValue(':key', $token, PDO::PARAM_STR);
$gen->execute();

Related

Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax

I'm trying to upload information to my DB but it keeps giving me a syntax error.
$query = "INSERT INTO `klant` (`naam`,`adres`,`postcode`,`email`,`nieuwsbrief`) VALUES ($naam,$adres,$postcode,$plaats,$email,$nieuwsbrief)";
The query I use should work as it's the same as in PHPMyAdmin.
The error I receive:
PHP Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '4,1234AB,Rotterdam,email#gmai.com,1)'
Two errors:
There are five columns specified in your insert query, but you're trying to put in six values. They should match. (plaats is missing)
String values should have quotes "" around them in insert statements.
Also, rickdenhaan touched on a good point. Using variables like this is dangerous as it allows for SQL injection, especially if the variables are populated by the public.

Syntax error or access violation: 1064 in code [duplicate]

This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 4 years ago.
I am having problems running a PDO execute; it returns an error in MySQL syntax.
The code is as follows:
try {
global $connect;
$arr = array(':ranked' => $db_rank, ':tier' => $db_tier, ':id' => $_SESSION['user_id']);
$query = $connect->prepare('UPDATE users SET :ranked = :tier WHERE id = :id');
$query->execute($arr);
} catch (PDOException $e) {
echo $e->getMessage();
}
where $db_rank returns a string with the column name (conversion from json) and $db_tier returns a joined string (again conversion from json).
It is inside a loop that should update 1-3 columns, but upon execution an exception is thrown:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name1>' = '<value1>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name2>' = '<value2>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name3>' = '<value3>' WHERE id = '3'' at line 1
It should probably be because of the passing of the table column as a variable, in which case how should I proceed to loop it with 3 different pre-set table names without making it spaghetti code?
Found my answer:
Should prepare the statement with " and not with ' because inside the array the type changes 3 times (once from function, once from passing and once from PREPARE statement). The variables themselves are const and are fetched using a whitelist already (upon decoding from the json request).
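The duplicate linked above concerns column names as parameters: PDO placeholders bind values only, so a column name has to be picked from a fixed list and written into the SQL text. An added example (not the poster's code) of that pattern; the column names, the `RANK_COLUMNS` map and `updateRank()` are hypothetical, and in-memory SQLite stands in for MariaDB:

```php
<?php
// Added example. Identifiers cannot be bound, so request keys are mapped to
// fixed column names; only the value and the id travel as parameters.
// RANK_COLUMNS, updateRank() and the column names are hypothetical.
const RANK_COLUMNS = [
    'solo' => 'solo_rank',
    'flex' => 'flex_rank',
    'tft'  => 'tft_rank',
];

function updateRank(PDO $db, int $userId, string $queue, string $tier): bool
{
    // Reject anything that is not a key of the allowlist before building SQL.
    if (!array_key_exists($queue, RANK_COLUMNS)) {
        throw new InvalidArgumentException("Unknown rank key: $queue");
    }
    $column = RANK_COLUMNS[$queue];   // a constant from this file, never request data

    // Backticks quote the identifier (MySQL/MariaDB syntax, also accepted by SQLite).
    $stmt = $db->prepare("UPDATE users SET `$column` = :tier WHERE id = :id");
    $stmt->bindValue(':tier', $tier, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// In-memory SQLite so the example runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
           solo_rank TEXT, flex_rank TEXT, tft_rank TEXT)');
$db->exec('INSERT INTO users (id) VALUES (3)');

// Constructed input, shaped like a decoded JSON request: key => tier.
foreach (['solo' => 'GOLD II', 'flex' => 'SILVER I'] as $queue => $tier) {
    updateRank($db, 3, $queue, $tier);
}

// A key outside the map never reaches the SQL string.
try {
    updateRank($db, 3, 'password', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

print_r($db->query('SELECT * FROM users WHERE id = 3')->fetch(PDO::FETCH_ASSOC));
```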

'PDOException' Syntax error or access violation: 1064 You have an error in your SQL syntax; check

I keep getting the following error when trying to submit details of an order into my database:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' in /home/ubuntu/workspace/handlers/checkout-handler.php on line 111 PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (order_details, order_address, cust_id, cust_name, delivery_type, paid) ' at line 1.
I can't figure out what's wrong with it, all of the variables are being posted correctly to the page.
$query1 = "INSERT INTO order (order_details, order_address, cust_id, cust_name, delivery_type, paid) VALUES(:details,:address,:d,:name,:delivery,:paid);";
$sql=$conn->prepare($query1);
$sql->bindParam(':details', $details);
$sql->bindParam(':address', $address);
$sql->bindParam(':name', $name);
$sql->bindParam(':delivery', $delivery_type);
$sql->bindParam(':paid', $paid);
$sql->bindParam(':d', $d);
$sql->execute();
order is a reserved keyword. You should add backticks ` around it to use it:
$query1 = "INSERT INTO `order` (order_details, order_address, cust_id, cust_name, delivery_type, paid)
VALUES(:details,:address,:d,:name,:delivery,:paid);";
$sql = $conn->prepare($query1);
See also: Keywords and Reserved Words

I try to make INSERT WHERE in SQL, but it gives me an error [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
When I try to insert data where with code:
$query = dbConnect()->prepare("INSERT INTO users(key) WHERE mail='$mail' VALUES ('$key')");
I'm using XAMPP, it gives me an error:
Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'key) WHERE mail='maciej#localhost' VALUES (key)' at line 1 in C:\xampp\htdocs\PHP7_login\restore\index.php:38
You should use backticks for key (because it is a reserved word)
and not use where
"INSERT INTO users(`key`) VALUES ('$key')"
or if you need an update
"UPDATE users
set `key` = '$key'
where mail = '$mail'"
The guess is that you want update:
update users
set `key` = '$key'
where mail = '$mail' ;
You should also learn to use parameters for values in queries. Substituting strings into the query string introduces the possibility of unexpected errors and makes the code vulnerable to SQL injection attacks.

PDO Fatal Error Check Syntax [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
For some reason I'm getting this error on the second line of included code:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'div='CA' WHERE vid='400373'' at line 1' in /home/stretch045/public_html/scripts/auth.php:12 Stack trace: #0 /home/stretch045/public_html/scripts/auth.php(12): PDO->prepare('UPDATE users SE...') #1 /home/stretch045/public_html/index.php(35): Auth->checkToken('94257b73ea4ed51...') #2 {main} thrown in /home/stretch045/public_html/scripts/auth.php on line 12
code
$conn = $this->db;
$stmt = $conn->prepare("UPDATE users SET rating='".$xml->rating."', atc='".$xml->ratingatc."', pilot='".$xml->ratingpilot."', div='".$xml->division."' WHERE vid='".$xml->vid."'");
$stmt->execute();
if($stmt->rowCount()==0){
$stmt = $conn->prepare("INSERT INTO users (vid, fname, lname, rating, atc, pilot, div) VALUES (".$xml->vid.",".$xml->firstname.",".$xml->lastname.",".$xml->rating.",".$xml->ratingatc.",".$xml->ratingpilot.",".$xml->division.")");
$stmt->exec($stmt);
echo 'data inserted into db';
}
div is a reserved keyword in MySQL and needs to be escaped by backticks.
INSERT INTO users (vid, ..., `div`) VALUES (...)
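The update-then-insert above with every value bound instead of concatenated, and `div` backtick-quoted; the same change applies to the string-built queries in the earlier questions on this page. This is an added example, not the poster's code: `saveUser()` and the sample record are constructed, and in-memory SQLite stands in for MySQL.

```php
<?php
// Added example, not the poster's code. Constructed sample data; in-memory SQLite
// stands in for MySQL (it also accepts MySQL-style backtick-quoted identifiers).

function saveUser(PDO $conn, SimpleXMLElement $xml): string
{
    // Cast each XML node to a plain string; every value travels as a bound parameter.
    $row = [
        ':vid'    => (string) $xml->vid,
        ':fname'  => (string) $xml->firstname,
        ':lname'  => (string) $xml->lastname,
        ':rating' => (string) $xml->rating,
        ':atc'    => (string) $xml->ratingatc,
        ':pilot'  => (string) $xml->ratingpilot,
        ':div'    => (string) $xml->division,
    ];
    // `div` is reserved in MySQL, so the identifier is backtick-quoted in the SQL text.
    $update = $conn->prepare(
        'UPDATE users SET rating = :rating, atc = :atc, pilot = :pilot, `div` = :div WHERE vid = :vid'
    );
    // execute() fails on array keys the statement does not use, so drop those two.
    $update->execute(array_diff_key($row, [':fname' => 1, ':lname' => 1]));
    if ($update->rowCount() > 0) {
        return 'updated';
    }

    $insert = $conn->prepare(
        'INSERT INTO users (vid, fname, lname, rating, atc, pilot, `div`)
         VALUES (:vid, :fname, :lname, :rating, :atc, :pilot, :div)'
    );
    $insert->execute($row);   // PDOStatement has execute(); exec() belongs to PDO
    return 'inserted';
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (vid TEXT PRIMARY KEY, fname TEXT, lname TEXT,
             rating TEXT, atc TEXT, pilot TEXT, `div` TEXT)');
// Constructed record; the apostrophe in the last name would break a concatenated query.
$xml = simplexml_load_string(
    "<user><vid>400373</vid><firstname>Ann</firstname><lastname>O'Neil</lastname>"
    . '<rating>3</rating><ratingatc>2</ratingatc><ratingpilot>1</ratingpilot>'
    . '<division>CA</division></user>'
);

echo saveUser($conn, $xml), "\n";   // first call: no row with this vid yet
echo saveUser($conn, $xml), "\n";   // second call: the row now exists
```

On MySQL, rowCount() reports changed rows, so an UPDATE that matches a row without changing it returns 0 unless the connection sets PDO::MYSQL_ATTR_FOUND_ROWS.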
