I'm getting a MySQL syntax error on the following code:
$addcompany = mysql_query("INSERT INTO company (method, category, email, password,
companyname, phone, address, state, zip, ratingcount, ratingscore, usage, date)
VALUES ('$method','$category','$email','$temp_encrypted_password',
'$companyname','$phone','$address','$state','$zip','0','0','0',CURDATE()) ")
or die(mysql_error());
So the statement dies. MySQL error tells me:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near 'usage, date) VALUES
('referral','referral','email@gmail.com','d90ccafeea7983' at line 1
I've checked my table and all the column names are correct and there doesn't seem to be any confliction with what I am trying to insert vs what is allowed to be entered into the column.
So I'm pretty annoyed at this point that I can't figure out what must be a simple error. Annoyed enough that hopefully somebody here can point it out to my right quick.
Thanks for your time
usage is a reserved word and must be escaped using backticks.
... ratingscore, `usage`, date) ...
try this
(method, category, email, password,
companyname, phone, address, state, zip, ratingcount, ratingscore, \usage\, date)
you cant use 'usage' directly as its reserved word
Try putting backticks around your fieldnames: `fieldname1`, `fieldname2`. This prevents mysql keywords from being taken as reserved keyword.
Additionally, you should filter your userinput. But this is not relevant to your question. Just a hint for safety. ;-)