Failing query using mysqli

Question

Dear stackoverflow community, I seem to have ran into a problem. I am making a UCP for my SAMP server and I have an issue with one of my administrative function files.

<?php
session_start();

if($_SESSION['admin'] == 0) {
  echo '<script>setTimeout("window.location=\'../index.php\'", 0)</script>';
}

include("../includes/connect.php");

$Charname = $_POST['charname'];
$Username = $_POST['username'];
$Faction = (int)$_POST['faction'];
$Rank = (int)$_POST['rank'];

$query = $mysqli->query("UPDATE characters SET Faction='$Faction', FactionRank='$Rank' WHERE Username='$Username' AND Character='$Charname'");

if($query == false) {
  echo '<div class="error" id="error">Your request cannot be handled at this time.</div>';
} else {
  header("Location: ../changepfac.php");
}

?>

That's the page that I am using for my form's action. The problem seems to be the query, as this is the input I should be getting:

UPDATE characters SET Faction='5', FactionRank='6' WHERE Username='Derek_McFlies' AND Character='Derek_McFlies';

And when I execute that in phpMyAdmin, I get the following error:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '='Derek_McFlies'' at line 1 

The point of the query is to check if the Username and Character name are the same as the one in the database and then update them with the new faction and faction rank of the player.

If someone can help me sort this out, it'll be great!

Best Regards, Pavel

Answer 1

character is a reserved keyword. If you want to name a column identiofier with it you must wrap it in ticks:

UPDATE characters SET Faction='5', FactionRank='6' WHERE Username='Derek_McFlies' AND `Character`='Derek_McFlies';