This question already has an answer here:
I am trying to execute this INSERT statemente but it isn't executed. I echoed the $query string and it seems ok. When attempting to execute with mysqli_query($connect, $query) nothing happens, just a blank screen.
$query = "INSERT INTO spservices('service_no', 'service_email', 'service_type', 'service_exit_node', 'service_billing', 'service_next_due', 'service_download', 'service_password')
VALUES('$serviceNo','$mail', '$serviceType', '$enode', '$serviceBilling','$nextDue','Pending until payment confirmed','$servicePass')";
if (mysqli_query($connect, $query)) {
//MY CODE SENDS AN EMAIL HERE
}
</div>
Strings with single quotes are considered as user inputs not table/field names in SQL.
So, the corrected SQL:
$query = "INSERT INTO spservices(service_no, service_email, service_type, service_exit_node, service_billing, service_next_due, service_download, service_password)
VALUES('$serviceNo','$mail', '$serviceType', '$enode', '$serviceBilling','$nextDue','Pending until payment confirmed','$servicePass')";
Instead of single quotes in field names, you can use backtick operator
(`) around column/field names.
This is useful when your field name is exactly a reserved SQL word.
For example.
SELECT `select` FROM users