We Keep Coding

MySQLi Syntax Error (PHP) on INSERT using Variables

I am attempting to insert some user-inputted data into my MySQL table using the following command:
$sql = "INSERT INTO Queued ('$role') VALUES ('$sname')";
Interestingly enough, I get the following error:
Error: INSERT INTO Queued ('Tops') VALUES ('Summoner')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Tops') VALUES ('Summoner')' at line 1
To be honest, I am relatively new at using PHP as well as MySQL, but I can't seem to find the error in my syntax; the Queued table does exist, $role and $sname are both strings so I encased them in single quotes. I suspect this is a newbie mistake, could anyone point me in the right direction?

This is due to use of single quotes ' around the column name. The query should be like:
$sql = "INSERT INTO Queued ($role) VALUES ('$sname')";
OR
$sql = "INSERT INTO Queued (`$role`) VALUES ('$sname')";

Try this format
$sql = "INSERT INTO Queued ('".$role."') VALUES ('".$sname."')";

`s role is to differentiate between built in SQL words and the column names, so if a word is used for name of a column that might be also a built in sql expression then `` are needed around it

Php mysqli->real_escape_string and MYSQL

I've a little question.
I've written this code to add the values to mysql database but when i run the code and I got an error. Can anybody help me?
the code:
$fel = $mysqli->query("INSERT INTO deleted (uid,buy_type,prop_type,district,street,room_min,room_max,price_min,price_max,condition_type,heat_type,lift_type,parking_type,type_of_del,when)
VALUES ('".$mysqli->real_escape_string($letomb['uid'])."',
'".$mysqli->real_escape_string($letomb['buy_type'])."',
'".$mysqli->real_escape_string($letomb['prop_type'])."',
'".$mysqli->real_escape_string($letomb['district'])."',
'".$mysqli->real_escape_string($letomb['street'])."',
'".$mysqli->real_escape_string($letomb['room_min'])."',
'".$mysqli->real_escape_string($letomb['room_max'])."',
'".$mysqli->real_escape_string($letomb['price_min'])."',
'".$mysqli->real_escape_string($letomb['price_max'])."',
'".$mysqli->real_escape_string($letomb['condition_type'])."',
'".$mysqli->real_escape_string($letomb['heat_type'])."',
'".$mysqli->real_escape_string($letomb['lift_type'])."',
'".$mysqli->real_escape_string($letomb['parking_type']).",
'".$mysqli->real_escape_string($type_of_del)."',
now())") or die($mysqli->error);
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'when) VALUES ('3', 'kiado', 'lakas', '1'' at line 1

WHEN is a reserved word. Enclosing it in backticks should fix your problem, as it will then be treated as an identifier.
`when`

You should use backticks around your column names. when is a MySQL keyword so it's being interpreted incorrectly. At the very least use backticks around when.

Strange difference between what PHP tells me is a error and my code Insert into Mysql Table?

Hello I am doing some simple inserting into a table from my <php> and it doesn't work let me start off with the code:
<?php
include_once "connect.php";
$db_host="localhost";
$user_name="root";
$pass="";
$db_name="knight orders";
$con = mysql_connect("$db_host","$user_name","$pass") or die("There is a problem with the connection");
mysql_select_db("$db_name",$con) or die("There is a problem with the database");
$name="Default";
$rank=3;
//$name=$_POST['name'];
//$rank=$_POST['rank'];
$table_name="ordertemp";
$query="INSERT INTO '$table_name' ('Code','Name')VALUES ('$rank','$name')";
mysql_query($query,$con) or die("Problems!" . mysql_error());
mysql_close($con);
?>
I'm working with some default values now but I will be reading from a form later, the strange thing is when I check out the mysql_error() result in Firefox it tells me:
Problems!You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''ordertemp' ('Code','Name')VALUES ('3','Default')' at line 1
It's changing some of the semicolons, could this be what causes my error, or if you've seen other faults please point them out.

'$table_name' should not be in quotes: it's a table name, not a string column value,
use backticks if you have to, but they aren't necessary

In MySQL quotes (') are used to denote a string literal.
Backticks (`) are used to denote MySQL 'objects' such as database names, table names and column names.

Don't use quotation marks for table and column names. You can use backticks "`" instead or just leave the quotes out:
$query = "INSERT INTO `{$table_name}` (`Code`, `Name`) VALUES ('{$rank}', '{$name}')";
PS: Never ever insert an unsafe string variable like $name=$_POST['name']; directly into your SQL statements. This makes your application vulnerable against SQL injections. See here for more information: How can I prevent SQL injection in PHP?

Strange MySQL Error. (PHP)

I have a following code:
<?php
include("config.php");
$key = 'blahblah';
$sql = "INSERT INTO softversions SET key='$key'";
$result = mysql_query($sql) or die ($mysql_error());
echo "dude";
?>
This gives me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='svksskjfvns'' at line 1
The thing is that I've used this script about a hundred times on other pages and it worked.
Table and field names are 100% correct.
I don't understand what is going on.
Do you see the syntax error there?

KEY is a reserved word in MySQL and you need to escape it using backticks to use it as a column name and also you should not use SET when inserting.
$sql = "INSERT INTO softversions (`key`) VALUES ('$key')";

key is a reserved word in MySQL. To use it as a column, you need to escape it every time you call it.
$sql = "INSERT INTO softversions SET `key`='$key'";

$sql = "INSERT INTO softversions(keyName) values('{$key}')";

Can't figure out what's wrong with my php/sql statement

So this is probably a dumb beginner question, but I've been looking at it and can't figure it out. A bit of background: just practicing making a web app, a form on page 1 takes in some values from the user, posts them to the next page which contains the code to connect to the DB and populate the relevant tables.
I establish the DB connection successfully, here's the code that contains the query:
$conn->query("SET NAMES 'utf9'");
$query_str = "INSERT INTO 'qa'.'users' ('id', 'user_name','password' ,'email' ,'dob' ,'sx') VALUES (NULL, $username, $password, $email, $dob, $sx);";
$result = #$conn->query($query_str);
Here's the error that is returned:Insert query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''qa'.'users' ('id', 'user_name' ,'password' ,'email' ,'dob' ,'s' at line 1
Thanks in advance!

Unless it's changed since I did MySQL in PHP, escape your db/column/table names with backticks (`), not apostrophes (').

A good general trouble-shooting technique is to make the query work via another interface to the database. For example, phpMyAdmin. If it works there, you have some confidence going forward. or you may find how to fix your SQL. (phpMyAdmin is handy because it will convert your SQL into a ready-made string for PHP.)

You need to escape your column names with a backtick (`) instead of (')
You also need to properly escape the actual values you are inserting as well (use a single quote)

OMG not a single right answer
$query_str = "
INSERT INTO `qa`.`users` (`id`, `user_name`,`password` ,`email` ,`dob` ,`sx`)
VALUES (NULL, '$username', '$password', '$email', '$dob', '$sx')";
identifiers being quoted with backticks, while strings being quoted with apostrophes!
and I hope you have passed all your variables through mysql_real_escape string BEFORE putting it into query, i.e.:
$username = mysql_real_escape string($username);
and so on