LinuxQuestions.org


puppymagic 01-29-2011 10:29 AM

What's wrong with this SQL statement?
 
It is under PHP/MySQL

$queryresult = $conn->query("INSERT INTO normalrequests VALUES($finalkey, 1234, 5678, FALSE)");

thanks....

It connects to the database successfully, but I feel there is something wrong with the statement above~~

Snark1994 01-29-2011 10:52 AM

As far as I'm aware (and without having tried it) the format is correct, as long as you have 4 fields and 4 fields only, which appear in the order listed above. If you had, say, 5 fields then you would need to tell it into which columns you wanted to enter data:

Code:

-- `key` is a reserved word in MySQL, so it has to be quoted with backticks when used as a column name
INSERT INTO normalrequests (`key`, numberone, numbertwo, aboolean) VALUES ($finalkey, 1234, 5678, FALSE)

where key, numberone, etc. were the names of your columns.

paulsm4 01-29-2011 11:16 AM

Hi -

STRONG SUGGESTION:
Cut/paste the exact statement into mysql.

This will give you an error message; you should be able to identify and resolve the problem almost immediately.

If you have any questions about what mySql is doing, then cut/paste your input and the mysql response into this thread.

My guess is that you probably need to quote one or more of your values.

'Hope that helps!

dugan 01-29-2011 11:28 AM

Quote:

Originally Posted by puppymagic (Post 4241572)
$queryresult = $conn->query("INSERT INTO normalrequests VALUES($finalkey, 1234, 5678, FALSE)");

Isn't this a security vulnerability?

If finalKey were set to:

Code:

$finalKey = '1, 1, 1, FALSE); DROP TABLE normalRequest; INSERT INTO normalRequest VALUES (1'

Then the line would be:

Code:

$queryResult = $conn->query("INSERT INTO normalRequests VALUES(1, 1, 1, FALSE); DROP TABLE normalRequest; INSERT INTO normalRequest VALUES (1, 1234, 5678, FALSE)");

As a rule, every database query that involves a parameter should be done with prepared statements and parameter binding.

eSelix 01-29-2011 11:35 AM

It depends on what is in the variable "$finalkey". If this is always an integer I suggest to make

Code:

$finalkey = intval($finalkey);

before $conn->query().
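The following is an added example, not code from the thread: it shows the INSERT from the original post rewritten the way dugan's and eSelix's replies recommend, as a mysqli prepared statement with bound parameters. The value of $finalkey is sent to the server separately from the SQL text, so it is stored as data and cannot change the statement's structure, whatever characters it contains. It assumes a mysqli connection in $conn (the thread does not say whether $conn is mysqli or PDO) and a table normalrequests whose column names (key, numberone, numbertwo, aboolean) are taken from Snark1994's illustrative reply; the function name and the sample values are constructed for this example. Binding works for any column type; eSelix's intval() cast is a sufficient alternative only when the value is known to be an integer.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). Inserts one row into normalrequests using a
// mysqli prepared statement, so $finalkey is never interpolated into the SQL string.
// Assumed: $conn is a mysqli connection; column names follow Snark1994's reply.
function insertNormalRequest(mysqli $conn, string $finalkey, int $numberOne, int $numberTwo, bool $aBoolean): bool
{
    // Column list spelled out so the statement does not depend on the table's column order.
    // `key` is a MySQL reserved word and must be backtick-quoted as a column name.
    $sql = 'INSERT INTO normalrequests (`key`, numberone, numbertwo, aboolean) VALUES (?, ?, ?, ?)';

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }

    // Type string: s = string, i = integer. MySQL stores BOOLEAN as TINYINT, so bind 1/0.
    // bind_param takes its arguments by reference, hence the separate $flag variable.
    $flag = $aBoolean ? 1 : 0;
    $stmt->bind_param('siii', $finalkey, $numberOne, $numberTwo, $flag);

    $ok = $stmt->execute();
    if (!$ok) {
        $err = $stmt->error;
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $err);
    }
    $stmt->close();
    return true;
}

// Usage with constructed connection details. The key value below is the string from
// dugan's post; with binding it is written verbatim into the `key` column and the
// table is not touched, because the server never parses it as SQL.
$conn = new mysqli('localhost', 'dbuser', 'dbpassword', 'dbname');
$conn->set_charset('utf8mb4');

$finalkey = '1, 1, 1, FALSE); DROP TABLE normalRequest; INSERT INTO normalRequest VALUES (1';
insertNormalRequest($conn, $finalkey, 1234, 5678, false);
```

Quoting the value in the query string ('$finalkey'), as the original poster ended up doing, makes the statement parse for ordinary keys but still concatenates data into SQL; a prepared statement removes that class of problem regardless of where the value comes from, and it also gives you the server's exact error via $stmt->error instead of a silently failing query().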

paulsm4 01-30-2011 11:40 AM

Hi again, puppymagic -

Let me repeat - if you think a SQL statement might be having a problem, just try copying/pasting the statement into mysql.

You can add a PHP "echo" to your code in order to get something you can copy/paste from.

It's probably the fastest/easiest way to troubleshoot.

And please let us know how things turn out! :)

puppymagic 02-12-2011 02:57 AM

Oh, the problem has been solved by going with '$finalkey' instead of $finalkey. Thanks for all your inputs, guys and girls from LinuxQuestions.

And the value of $finalkey is randomly generated within the PHP script; it is not something the visitor to the website can place in there instead.

