This query
$email = $mysqli->real_escape_string($_POST['email']); // User's email.
$key = RandomString(128); // A random string of 128 characters.
$newTime = $_SERVER['REQUEST_TIME'] + 1800; // Expiration timer.
$queries[] = "INSERT INTO verification (
email,
key,
time
) VALUES (
'$email',
'$key',
$newTime
)";
$errors = false;
$mysqli->autocommit(false);
foreach ($queries as $query) {
if (!$mysqli->query($query)) {
$errors = true;
}
}
is giving me the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key, time) VALUES ('[email protected]', 'e1e4091197640bae0a4588b8666e87b6b' at line 1.
But the query above works, just by adding a few backticks (grave accent):
$queries[] = "INSERT INTO verification (
`email`,
`key`,
`time`
) VALUES (
'$email',
'$key',
$newTime
)";
Can anyone explain how this change would fix the issue?
time
and key
are reserved words. If you're going to use them for a column name, which is a bad idea, they requires backticks to escape them.
Backticks are needed in MySQL whenever the name of an identifier is a reserved word. In your case, KEY
is a reserved word and will cause syntax errors unless you enclose it like that. It's normally a good idea to avoid creating names like that.
You can find a list of reserved words here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With