INSERT INTO不能正常运行

I have an error with my insert into line, it's about this bad boy

mysql_query("INSERT INTO accounts('username', 'password', 'firstname', 'lastname', 'email') 
VALUES($username, $password, $firstname, $lastname, $email)") 
or die("Could not create account! <br/>" . mysql_error());

the error I am supplied with is the following:

Could not create account!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'password', 'firstname', 'lastname', 'email') VALUES(test, test,' at line 1

I suspect it has something to do with the variables not being called correctly?

There are a variety of problems, so I'll summarize them:

  • INSERT INTO t1 ('col' -- note that 'col' is wrapped in quotes. This means that it attempts to insert into the string literal "col1" rather than the column name. Remove the quotes and replace them with backticks (or nothing)
  • The values themselves are not wrapped in quotes. You have VALUES(test -- this semantically means insert the value of column "test," which makes no sense. You actually need to wrap this one in quotes.
  • I'd venture to guess that none of the input parameters are properly escaped. You should use properly parameterized queries with PDO or mysqli.

My friend the fields in the querys shouldn't be quoted. Try this:

mysql_query("INSERT INTO accounts (username, password, firstname, lastname, email) VALUES($username, $password, $firstname, $lastname, $email)") or die("Could not create account!" . mysql_error());

Good luck

you don't have to use quotes ' in the query but backtick `

mysql_query("INSERT INTO `accounts` (`username`, `password`, `firstname`, `lastname`, `email`) VALUES('".$username."', '".$password."','". $firstname."', '".$lastname."', '".$email."')") or die("Could not create account! " . mysql_error())

insert into documentation

I would like to also to remember you that mysql_ functions are deprecated so i would advise you to switch to mysqli or PDO for new projects.

mysql_query is not recommended, soon to be deprecated. Probably best to use PDO or mysqli instead. http://php.net/manual/en/function.mysql-query.php

But to answer your question, I believe it's because your column names are in single quotes(rather than backticks).

It's your values that need to be within single-quotes. You'll probably want to run mysql_real_escape_string on those variables too, to prevent SQL injection. Or just use PDO prepared statements instead. http://php.net/manual/en/pdo.prepared-statements.php