Error while doing PHP mysqli insert into table

Question

I have table column

log_id

as primary_key auto_increment.

Do I need to specify it within INSERT INTO statement or no?

I am getting next error while trying to insert values into my database:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(log_session,log_ip,log_vrijeme,log_model) my_log VALUES ('270043ae1526e4' at line 1 INSERT INTO (log_session,log_ip,log_vrijeme,log_model) my_log VALUES ('270043ae1526e44967889b4382ff69fd','93.142.54.135','2018-11-23 14:06:15','1402')

My code is:

<?php
$_SESSION['compare_hash'] = "270043ae1526e44967889b4382ff69fd";

$log_session = $_SESSION['compare_hash'];
$log_ip = $_SERVER['REMOTE_ADDR'];
$log_vrijeme = date("Y-m-d H:i:s");
$log_model = "1402";

$con = mysqli_connect("localhost","user","password","databse");
$sql = "
    INSERT INTO (log_session,log_ip,log_vrijeme,log_model) my_log
    VALUES ('$log_session','$log_ip','$log_vrijeme','$log_model')
";
$rez = mysqli_query($con, $sql) or die(mysqli_error($con)."<br>$sql");
mysqli_close($con);
?>

Table structure:

Field           Type       Null    Key  Default     Extra   
log_id          int(11)     NO     PRI  NULL     auto_increment
log_session     varchar(42) NO     MUL  NULL    
log_ip          varchar(15) NO          NULL    
log_vrijeme     datetime    NO     MUL  NULL    
log_model       int(11)     NO     MUL  NULL    

Thank you for help.

Answer 1

You should put my_log right after INSERT INTO:

<?php
$_SESSION['compare_hash'] = "270043ae1526e44967889b4382ff69fd";

$log_session = $_SESSION['compare_hash'];
$log_ip = $_SERVER['REMOTE_ADDR'];
$log_vrijeme = date("Y-m-d H:i:s");
$log_model = "1402";

$con = mysqli_connect("localhost","user","password","databse");
$sql = "
    INSERT INTO my_log (log_session,log_ip,log_vrijeme,log_model)
    VALUES ('$log_session','$log_ip','$log_vrijeme','$log_model')
";
$rez = mysqli_query($con, $sql) or die(mysqli_error($con)."<br>$sql");
mysqli_close($con);
?>

However, your code has several drawbacks, I'll describe them a bit later.

1. Don't pass unescaped variables into query

Until you have no other way. Use mysqli_real_escape_string($con, $your_var) to prevent SQL injection and using PDO would make it even better.

2. Use HEREDOC syntax to ensure query consistency during future edits

In this way even if you of someone will put " into query it would still work as expected.

3. Omit closing tag on the end of your PHP files if you don't have any content below

This will prevent surprising errors from happening.

<?php
$_SESSION['compare_hash'] = "270043ae1526e44967889b4382ff69fd";
$con = mysqli_connect("localhost","user","password","databse");

$log_session = mysqli_real_escape_string($con, $_SESSION['compare_hash']);
$log_ip = mysqli_real_escape_string($con, $_SERVER['REMOTE_ADDR']);
$log_vrijeme = mysqli_real_escape_string($con, date("Y-m-d H:i:s"));
$log_model = mysqli_real_escape_string($con, "1402");

$sql = <<<SQL
    INSERT INTO my_log (log_session,log_ip,log_vrijeme,log_model)
    VALUES ('${log_session}','${log_ip}','${log_vrijeme}','${log_model}')
SQL;

$rez = mysqli_query($con, $sql) or die(mysqli_error($con)."<br>$sql");
mysqli_close($con);