Syntax error mysql why?

Hi all.
Climbs error constantly when logging. But no problem adding the record to the database.
Here is the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 'yagyar0001111" at line 1
Here is the query:
$query = "INSERT INTO users SET login = '$login', name = '$name', email = 
 $email', pass = '$pass', status = 'user'";
 mysqli_query($link, $query) or die (mysqli_error($link));
 $_SESSION['auth'] = true;
 $query = "SELECT * FROM users WHERE login = '$login'";
 mysqli_query($link, $query) or die (mysqli_error($link));
 $user = mysqli_fetch_assoc(mysqli_query($link, $query));
 $_SESSION['id'] = $user['id'];
 $_SESSION['login'] = $user['login'];
 $_SESSION['status'] = $user['status'];
 $_SESSION['message_reg'] = "Registration completed successfully";
 header('Location: index.php?reg=ok');



Here is the table:
5c989c41449db401153435.png
What did I do? Generally can not understand. Maybe he swears on the second request? And there everything seems normal. True in the session is recorded. But forwarding does not occur. Apparently in the second query, what is the problem.
March 19th 20 at 08:26
1 answer
March 19th 20 at 08:28
because it's called SQL injection.

Requests should be done through prepared statements.
$query = "INSERT INTO users SET login = ?, name = ?, email = ?, pass = ?, status = 'user'";
$stmt = $link->prepare($query);
$stmt->bind_param("ssss",$login,$name,$email,$pass);
$stmt->execute();


The same applies to all other queries involving variables

Find more questions by tags MySQLPHP