php - Can't figure out what's wrong with my SQL syntax -

php - Can't figure out what's wrong with my SQL syntax -

i'm running next sql query in php

seek { $sql = "insert doc set type = 1, candid = :candid, userid = ".$_session['userid'].", filename = ".$_files['file']['tmp_name'].", date=date_format(curdate(), '%d/%m/%y')"; $s = $pdo->prepare($sql); $s->bindvalue(':candid', $_post['candid']); $s->execute(); } grab (pdoexception $e) { $error = 'error adding doc: ' . $e->getmessage(); include $errorpage; exit(); }

and i'm getting next error:

error adding doc: sqlstate[42000]: syntax error or access violation: 1064 have error in sql syntax; check manual corresponds mysql server version right syntax utilize near ':\xampp\tmp\phpd58b.tmp, date=date_format(curdate(), '%d/%m/%y')' @ line 5

i can't quite figure out why i'm getting error. there wrong syntax i'm missing?

filename = ".$_files['file']['tmp_name'].", should filename = '".$_files['file']['tmp_name']."',

so code should

try { $sql = "insert doc set type = 1, candid = :candid, userid = ".$_session['userid'].", filename = '".$_files['file']['tmp_name']."', date=date_format(curdate(), '%d/%m/%y')"; $s = $pdo->prepare($sql); $s->bindvalue(':candid', $_post['candid']); $s->execute(); } grab (pdoexception $e) { $error = 'error adding doc: ' . $e->getmessage(); include $errorpage; exit(); }

php mysql sql