I am new to PDO and I'm just writing a test page to take $_POST data from a simple form and insert it into MySQL through a prepared statement, but I keep getting error messages. Here is the php:
$DBH = new PDO("mysql:host=localhost;dbname=randomDB", 'user', 'password');
$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
$newUserStmt = $DBH->prepare("INSERT INTO 'userbasicinfo' ('email', 'passHash', 'birthday', 'phoneNumber') VALUES (?, ?, ?, ?)");
$newUserStmt->bindParam(1, $email);
$newUserStmt->bindParam(2, $passHash);
$newUserStmt->bindParam(3, $birthday);
$newUserStmt->bindParam(4, $phoneNumber);
$email = $_POST['email'];
$passClear = $_POST['password'];
$passHash = password_hash($passClear, PASSWORD_DEFAULT);
$birthday = $_POST['birthday'];
$phoneNumber = $_POST['phone'];
$newUserStmt->execute();
$DBH = null;
And this is the warning:
Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''userbasicinfo' ('email', 'passHash', 'birthday', 'phoneNumber') VALUES ('billy@' at line 1 in C:\xampp\htdocs\test.php on line 18
Use backticks instead of single-quotationmarks for tablenames (and columnnames):
$newUserStmt = $DBH->prepare("INSERT INTO `userbasicinfo` (`email`, `passHash`, `birthday`, `phoneNumber`) VALUES (?, ?, ?, ?)");
With single-quotationsmarks your Database-Server interpretate the tablename as a string.