I have this PHP code:
$ua = $mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT']);
$mysqli->query("INSERT INTO browsers(useragent, account, allowed, key, ip) VALUES('$ua', {$userR['id']}, 0, '(Key/token)', '(IP address)')");
Which is the following SQL query:
INSERT INTO browsers(useragent, account, allowed, key, ip) VALUES('Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.56 Safari/537.17', 8, 0, 'bc132b38f35a01ce', '127.0.0.1')
However: even after escaping the query does not work:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key, ip) VALUES('Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like' at line 1
You are using a mysql RESERVED KEYWORD in your query that is key, simply surround it with backtick ` to let database understand it is a column
$mysqli->query("INSERT INTO browsers(useragent, account, allowed, `key`, ip) VALUES('$ua', {$userR['id']}, 0, '(Key/token)', '(IP address)')");