Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax

Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'telephone = '952 123 123' mobiletelephone = '655 000 000'' at line 4

Can anyone help?

<?php
// First we execute our common code to connect to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
    // If they are not, we redirect them to the login page.
    header("Location: login.php");
    // Remember that this die statement is absolutely critical.  Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to login.php");
}
// This if statement checks to determine whether the edit form has been submitted
// If it has, then the account updating code is run, otherwise the form is displayed
if(!empty($_POST))
{
    // Make sure the user entered a valid E-Mail address
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
    {
        die("Invalid E-Mail Address");
    }
    // If the user is changing their E-Mail address, we need to make sure that
    // the new value does not conflict with a value that is already in the system.
    // If the user is not changing their E-Mail address this check is not needed.
    if($_POST['email'] != $_SESSION['user']['email'])
    {
        // Define our SQL query
        $query = "
            SELECT
                1
            FROM users
            WHERE
                email = :email AND
                telephone = :telephone AND
                mobiletelephone = :mobiletelephone
        ";
        // Define our query parameter values.  Every placeholder used in the
        // query above must be bound here, otherwise PDO rejects the execute()
        // call with an "Invalid parameter number" error.
        $query_params = array(
            ':email' => $_POST['email'],
            ':telephone' => $_POST['telephone'],
            ':mobiletelephone' => $_POST['mobiletelephone']
        );
        try
        {
            // Execute the query
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            // Note: On a production website, you should not output $ex->getMessage().
            // It may provide an attacker with helpful information about your code.
            die("Failed to run query: " . $ex->getMessage());
        }
        // Retrieve results (if any)
        $row = $stmt->fetch();
        if($row)
        {
            die("This E-Mail address is already in use");
        }
    }
    // If the user entered a new password, we need to hash it and generate a fresh salt
    // for good measure.
    if(!empty($_POST['password']))
    {
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $_POST['password'] . $salt);
        for($round = 0; $round < 65536; $round++)
        {
            $password = hash('sha256', $password . $salt);
        }
    }
    else
    {
        // If the user did not enter a new password we will not update their old one.
        $password = null;
        $salt = null;
    }
    // Initial query parameter values
    $query_params = array(
        ':email' => $_POST['email'],
        ':telephone' => $_POST['telephone'],
        ':mobiletelephone' => $_POST['mobiletelephone'],
        ':user_id' => $_SESSION['user']['id'],
    );
    // If the user is changing their password, then we need parameter values
    // for the new password hash and salt too.
    if($password !== null)
    {
        $query_params[':password'] = $password;
        $query_params[':salt'] = $salt;
    }
    // Note how this is only first half of the necessary update query.  We will dynamically
    // construct the rest of it depending on whether or not the user is changing
    // their password.
    $query = "
        UPDATE users
        SET
            email = :email,
            telephone = :telephone,
            mobiletelephone = :mobiletelephone
    ";
    // If the user is changing their password, then we extend the SQL query
    // to include the password and salt columns and parameter tokens too.
    if($password !== null)
    {
        $query .= "
            , password = :password
            , salt = :salt
        ";
    }
    // Finally we finish the update query by specifying that we only wish
    // to update the one record with for the current user.
    $query .= "
        WHERE
            id = :user_id
    ";
    try
    {
        // Execute the query
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        // Note: On a production website, you should not output $ex->getMessage().
        // It may provide an attacker with helpful information about your code.
        die("Failed to run query: " . $ex->getMessage());
    }
    // Now that the user's E-Mail address has changed, the data stored in the $_SESSION
    // array is stale; we need to update it so that it is accurate.
    $_SESSION['user']['email'] = $_POST['email'];
    $_SESSION['user']['telephone'] = $_POST['telephone'];
    $_SESSION['user']['mobiletelephone'] = $_POST['mobiletelephone'];
    // This redirects the user back to the members-only page after they register
    header("Location: members.php");
    // Calling die or exit after performing a redirect using the header function
    // is critical.  The rest of your PHP script will continue to execute and
    // will be sent to the user if you do not die or exit.
    die("Redirecting to members.php");
}
?>

As the error message says, there is a syntax error in your SQL query:

SELECT 
    1 
FROM users 
 WHERE 
    email = :email 
    telephone = :telephone
    mobiletelephone = :mobiletelephone

You need to join the conditions in the WHERE clause with a logical operator. For example, if all three conditions in the query must be true, you would use the AND operator:

SELECT 
    1 
FROM users 
 WHERE 
    email = :email AND
    telephone = :telephone AND
    mobiletelephone = :mobiletelephone

Similarly, your UPDATE query needs the fields being updated to be separated by commas:

UPDATE users 
SET 
    email = :email,
    telephone = :telephone,
    mobiletelephone = :mobiletelephone

(Note: it looks like you append more fields to the SET clause after that query. You need to make sure that every field is separated by a comma when you build the whole query.)
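The two mistakes above (a missing AND between WHERE conditions, a missing comma between SET assignments) are easy to make when a query string is glued together by hand in several steps. As an added example, not part of the question or the answer, the PHP below builds both clauses from arrays with implode(), so the separator is inserted between every pair automatically, and it checks before prepare() that the placeholders in the SQL and the bound parameters match, which is the other failure the question's code would hit (the SELECT binds :telephone and :mobiletelephone but only supplies :email). Table and column names are the ones from the question; $db is assumed to be a PDO connection, the sample $post array is constructed, and the helper names are my own. The password hashing here is the question's own salted SHA-256 scheme; in new code password_hash() would be the better choice.

```php
<?php
// Added example (not from the question or answer): assemble WHERE and
// UPDATE ... SET clauses from arrays so AND / comma separators cannot be
// forgotten, and verify placeholders against bound parameters before prepare().

/**
 * Build "col = :col AND col2 = :col2" plus the matching parameter array.
 * Column names come from a fixed whitelist, never from user input, because
 * identifiers cannot be bound as parameters.
 */
function build_where(array $values, array $allowed): array
{
    $clauses = [];
    $params  = [];
    foreach ($values as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        $clauses[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    return [implode(' AND ', $clauses), $params];
}

/**
 * Build the SET clause the same way: implode() puts a comma between every
 * pair of assignments, so optional columns (password, salt) appended later
 * can never produce "email = :email telephone = :telephone".
 */
function build_update(string $table, array $values, array $allowed, int $id): array
{
    $assignments = [];
    $params      = [];
    foreach ($values as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        $assignments[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    $params[':user_id'] = $id;
    $sql = "UPDATE $table SET " . implode(', ', $assignments) . " WHERE id = :user_id";
    return [$sql, $params];
}

/**
 * Every :name in the SQL must have a value in $params and vice versa;
 * otherwise PDO fails at execute() with "Invalid parameter number".
 */
function check_placeholders(string $sql, array $params): void
{
    preg_match_all('/:([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    $inSql   = array_unique(array_map(fn($n) => ":$n", $m[1]));
    $missing = array_diff($inSql, array_keys($params));
    $extra   = array_diff(array_keys($params), $inSql);
    if ($missing || $extra) {
        throw new LogicException(
            'Placeholder mismatch; missing: [' . implode(', ', $missing) .
            '] extra: [' . implode(', ', $extra) . ']'
        );
    }
}

// Constructed sample input standing in for $_POST (not real data).
$post = ['email' => 'user@example.com', 'telephone' => '952 123 123',
         'mobiletelephone' => '655 000 000', 'password' => ''];
$allowed = ['email', 'telephone', 'mobiletelephone', 'password', 'salt'];

// 1. The uniqueness check; the conditions are joined with AND.
[$where, $whereParams] = build_where(['email' => $post['email']], $allowed);
$select = "SELECT 1 FROM users WHERE $where";
check_placeholders($select, $whereParams);
// $stmt = $db->prepare($select); $stmt->execute($whereParams);

// 2. The update; password and salt are added only when a password was entered.
$fields = ['email' => $post['email'], 'telephone' => $post['telephone'],
           'mobiletelephone' => $post['mobiletelephone']];
if ($post['password'] !== '') {
    $salt = bin2hex(random_bytes(16));
    $fields['salt']     = $salt;
    $fields['password'] = hash('sha256', $post['password'] . $salt); // question's scheme
}
[$update, $updateParams] = build_update('users', $fields, $allowed, 42); // 42: constructed user id
check_placeholders($update, $updateParams);
// $stmt = $db->prepare($update); $stmt->execute($updateParams);
echo $update, "\n";
// UPDATE users SET email = :email, telephone = :telephone, mobiletelephone = :mobiletelephone WHERE id = :user_id
```

Because check_placeholders() runs before prepare(), a mismatch surfaces as a clear LogicException during development instead of an HY093 error from PDO, and the exception text never needs to reach the browser, which keeps the "do not output $ex->getMessage() in production" advice from the question's own comments easy to follow.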