MySQL Syntax error. Can't solve it

Question

I wanna insert 0 to some db table's fields but can't get it work. The piece of code from my signup php script looks like that.

...

if (isset($type))
{
if($type==1)
{
$region=$data['region'];
$school=$data['school'];
$class=$data['class'];
$group='NULL';
$subject='NULL';
$university='NULL';
$profession='NULL';
}
if($type==2)
{
$group=$data['group'];
$region=$data['region'];
$school=$data['school'];
$class=$data['class'];
$subject='NULL';
$university='NULL';
$profession='NULL';

}
if($type==3)
{
$group='NULL';
$region='NULL';
$school='NULL';
$class='NULL';
$subject='NULL';    
$university=$data['university'];
$profession=$data['profession'];
}
if($type==4)
{
$group='NULL';
$region='NULL';
$school='NULL';
$class='NULL';
$university='NULL';
$profession='NULL';
$subject=$data['subject'];
}
}
$sql= "INSERT INTO users
(level,fname, mname, lname, dob, age, reg_date, phone, email, login, pwd, type,   group, region, school, class, ip, subject, ban, university, profession) 
VALUES 
('1','$data[fname]', '$data[mname]', '$data[lname]', '$dob', '$age, now(), '$data[phone]', '$email', '$login', '$pwd', '$data[type]', '$data[region]', '$data[school]', '$data[class]',  '$ip', '$subject', NULL, '$university', '$profession')";

$result = $db->query($sql) or die(printf("Errorv: %s\n", $db->error));
$id = $db->insert_id();  
$md5_id = md5($id);
$db->query("update users set md5_id='$md5_id' where id='$id'");
//  echo "<h3>Thank You</h3> We received your submission.";

...

Getting every time this error message "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, region, school, class, ip, subject, ban, university, profession) VALUES' at line 2"

Tried '0', 0 instead of NULL. No success. Please help

Changed the code. Still no success

$sql= "INSERT INTO users
(level,fname, mname, lname, dob, age, reg_date, phone, email, login, pwd, type, 'group', region, school, class, ip, subject, ban, university, profession) 
VALUES 
('1','$data[fname]', '$data[mname]', '$data[lname]', '$dob', '$age', now(), '$data[phone]', '$email', '$login', '$pwd', '$data[type]', '$data[region]', '$data[school]', '$data[class]',  '$ip', '$subject', NULL, '$university', '$profession')";

Answer 1

Given your edit, you've mis-quoted the word group. YOu can't use single quotes to turn a reserved word into an "acceptable" word, it has to be backticks:

INSERT ....., `group`, ... VALUES ....
              ^-----^--- note the backticks

Single quotes turn anything into a string, but you can't use a string for a field name.

In the future, if you'r getting an SQL syntax error, show us the actual query that's causing the error. Generally the PHP that's building the query is not necessary - we want to see what MySQL is complaining about. Only after we figure out what the actual problem is can we tell you how to change your code to fix the problem.

Answer 2

group is a reserved word. rename your field or put it within backticks (`)

Answer 3

Group is a keyword, it needs to be wrapped around quotes. Also, it doesn't really look like you're doing any sanitisation, if not, you should.

Answer 4

You miss ' quote after $age. Also you should use {$data['lname']} instead of $data[lname] in quotes.

Answer 5

4 things,

1. escape your values: mysql_real_escape_string
2. properly add php vars to a string: sprintf or for array notation use curly braces "{$data['var']}"
3. backtick around group (or every field name to be certain)
4. Don't enclose NULL or NOW() in ticks, quotes etc.. (you are actually OK on this, just wanted to make sure you kept it)

<?php

$sql= sprintf("INSERT INTO `users`
    (`level`,`fname`, `mname`, `lname`, `dob`, `age`, `reg_date`, `phone`, `email`, `login`, `pwd`, `type`, `group`, `region`, `school`, `class`, `ip`, `subject`, `ban`, `university`, `profession`) 
    VALUES
    ('1','%s','%s','%s','%s','%s',now(),'%s','%s','%s','%s','%s','%s','%s','%s','%s','%s', NULL,'%s','%s')",
    mysql_real_escape_string($data['fname']), 
    mysql_real_escape_string($data['mname']), 
    mysql_real_escape_string($data['lname']), 
    mysql_real_escape_string($dob), 
    mysql_real_escape_string($age),
    mysql_real_escape_string($data['phone']), 
    mysql_real_escape_string($email), 
    mysql_real_escape_string($login), 
    mysql_real_escape_string($pwd), 
    mysql_real_escape_string($data['type']), 
    mysql_real_escape_string($data['region']), 
    mysql_real_escape_string($data['school']), 
    mysql_real_escape_string($data['class']),  
    mysql_real_escape_string($ip), 
    mysql_real_escape_string($subject),
    mysql_real_escape_string($university), 
    mysql_real_escape_string($profession));