SQL语法错误，不知道为什么

Question

我试图运行一个PHP脚本，但每当我运行它时都会收到此错误。

错误：

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id', 'firstname', 'lastname', 'email', 'username', 'password', 'hash', 'active'' at line 1 

PHP：

<?php 
require('includes/connect.php'); 

if($_POST['submit'] == true) { 

    $firstname = mysql_real_escape_string($_POST['firstname']); 
    $lastname = mysql_real_escape_string($_POST['lastname']); 
    $email = mysql_real_escape_string($_POST['email']); 
    $username = mysql_real_escape_string($_POST['username']); 
    $password = mysql_real_escape_string($_POST['password']); 
    $hash = mysql_real_escape_string(md5(uniqid(rand(), true))); 
    $active = mysql_real_escape_string(0); 

    $query = mysql_query(" INSERT INTO users_main ('id', 'firstname', 'lastname', 'email', 'username', 'password', 'hash', 'active') VALUES ('', '" . $firstname . "', '" . $lastname . "', '" . $email . "', '" . $username . "', '" . $password . "', '" . $hash . "', '" . $active . "') ") or die(mysql_error()); 

} else { 

} 

?> 

Answer 1

不要引用用单引号列名。 MySQL使用反引号来引用列和表标识符。

Some special keywords如果用作标识符，需要用反引号引用，但是您没有使用任何这些引号。没有列需要引用。

$query = mysql_query(" INSERT INTO users_main (id, firstname, lastname, email, username, password, hash, active) VALUES ('', '" . $firstname . "', '" . $lastname . "', '" . $email . "', '" . $username . "', '" . $password . "', '" . $hash . "', '" . $active . "') ") or die(mysql_error());