PHP MySql INSERT INTO - Syntax Error

Question

Trying to create a simple PHP MySql insert form that inserts an email address and random ten digit code and it keeps returning:

Please check email Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' NcB44PeYbI)' at line 1

NcB44PeYbI is obviously the random code generated.

function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}

$con=mysqli_connect("localhost","username","password","dbname");
// Check connection
if (mysqli_connect_errno())
{
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$email = mysqli_real_escape_string($_POST['email']);
$acticode = generateRandomString();



$sql="INSERT INTO xActivate (EMAIL_ADDRESS, ACTIVATION_CODE) VALUES ($email, $acticode)";

if (!mysqli_query($con,$sql))
{
  die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);

Thanks for your assistance!

Answer 1

Put the values in quotes:

$sql="INSERT INTO xActivate (EMAIL_ADDRESS, ACTIVATION_CODE) VALUES ('$email', '$acticode')";

Answer 2

Try this:

$sql="INSERT INTO xActivate (EMAIL_ADDRESS, ACTIVATION_CODE) VALUES ('$email', '$acticode')";