SQL: username and password not recognized correctly

Question

..of which I can't figure out what the exact problem is and/or why the interepreter is complaining about this. I'll post my code:

prepare($query);
    $result = $stmt->fetch();

    if(!$result)
    {
        $isBanned = $userHandler->checkIfBanned($ip);

        if (!$isBanned)
        {
            $query = "INSERT INTO users(username, password, ip, email) VALUES({$username}, {$password}, {$ip}, {$email})";
            $stmt = $db->prepare($query);
            $result = $stmt->execute();
        }
        else
        {
            echo "You are BANNED from this server. Leave now and do not come back.";
            exit();
        }   
    }
    else
    {
        $query = "UPDATE users SET username = {$username}, password = {$password}, email = {$email} WHERE ip = {$ip} ";
        $stmt = $db->prepare($query);
        $result = $stmt->execute();
    }


?>

My output resembles the following:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.193.239, test@email.com)' at line 1' in /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php:29 Stack trace: #0 /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php(29): PDOStatement->execute() #1 {main} thrown in /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php on line 29

While I did follow the Stacktrace, it didn't really seem to help anything: my PDOstatement is correct.

Clive · Accepted Answer

I think your string values need to be inside quotes:

$query = "INSERT INTO users(username, password, ip, email) VALUES('{$username}', '{$password}', '{$ip}', '{$email}')";

SQL: username and password not recognized correctly

Answers (1)

Related Questions