What is wrong with this sql statement?

I feel so stupid, but I can't find the error... Thanks.

$l_sSql = 'INSERT INTO ftb2010_winners ("first_name", "last_name", "email", "dob", "token", claimed_status) VALUES (\''.$l_aData['firstName'].'\',\''.$l_aData["lastName"].'\',\''.$l_aData["email"].'\',\''.$l_aData["year"].'-'.$l_aData["month"].'-'.$l_aData["day"].'\', "token", 0;';

Here is the error when I run it

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"first_name", "last_name", "email", "dob", "token", claimed_status) VALUES ('Phi' at line 1

Edit... Ok, thanks... got it, yes I knew it was something stupid that I was missing


First error: field names should be enclosed in backticks, not quotes. (and even then, the backticks are only necessary if the field name is a reserved SQL word or contains special characters. Generally it's a good idea to have backticks, but in your example you can get away without them)

Second error: missing closing bracket on end of query.

Possible error: Make sure all the variables you're using are properly escaped. Failure to do so will result in your code being vulnerable to SQL injection attacks. (I can't tell if this is actually a problem for you without seeing more of your code)

Style issue: you're mixing your quotes between single and double quotes without any good reason. ie some of your values are in single quotes, others are in double quotes. Be consistent. Also, all those escaped single quotes make the whole thing very hard to read!


Your values is missing a closing parenthesis for one.


There is no closing brace ")" at the end.


In MySQL, field and table names should be enclosed in backticks, not in double quotes.

So it should be:

INSERT INTO ftb2010_winners (`first_name`, `last_name`, ...


You shouldn't put your column names in ":

INSERT INTO ftb2010_winners (first_name, last_name, ....)

and of course the missing )


  • You shouldn't be escaping the ticks (') that surround your data. You're supposed to escape ticks/apostrophes in your data.
  • Field names should be surrounded by backticks (`), not double quotes (").
  • You're missing an end parenthesis at the end of the statement.
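
The escaping and SQL injection points raised in the answers above, handled with bound parameters instead of string concatenation. This is an added example, not code from the thread; it assumes PDO with the SQLite driver (in-memory, so it runs offline), and the function names, the `$token` parameter and the sample row are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// in-memory SQLite keeps it offline. For MySQL only the DSN/credentials change.

// Constructed stand-in for the asker's table.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE ftb2010_winners (first_name TEXT, last_name TEXT,
        email TEXT, dob TEXT, token TEXT, claimed_status INTEGER)');
    return $pdo;
}

// Hypothetical helper: validate the date parts, then insert with bound parameters.
function insertWinner(PDO $pdo, array $l_aData, string $token): void
{
    $year  = (int) $l_aData['year'];
    $month = (int) $l_aData['month'];
    $day   = (int) $l_aData['day'];
    if (!checkdate($month, $day, $year)) {
        throw new InvalidArgumentException('Invalid date of birth');
    }
    // Placeholders carry no quotes; PDO binds each value, so no manual escaping is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO ftb2010_winners
            (first_name, last_name, email, dob, token, claimed_status)
         VALUES (:first_name, :last_name, :email, :dob, :token, 0)'
    );
    $stmt->execute([
        ':first_name' => $l_aData['firstName'],
        ':last_name'  => $l_aData['lastName'],
        ':email'      => $l_aData['email'],
        ':dob'        => sprintf('%04d-%02d-%02d', $year, $month, $day),
        ':token'      => $token,
    ]);
}

$pdo = openDb();
// Constructed input: the apostrophe would end the string early in the concatenated query.
insertWinner($pdo, [
    'firstName' => 'Phil', 'lastName' => "O'Brien", 'email' => 'phil@example.com',
    'year' => '1980', 'month' => '2', 'day' => '14',
], 'constructed-token');
print_r($pdo->query('SELECT * FROM ftb2010_winners')->fetch(PDO::FETCH_ASSOC));
```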