Question

While trying to create a website on which users can buy and sell stocks, I encountered the following error while trying to implement the "sell" option. Users can type in the symbol of some stock they have, and then the website ought to delete all stocks with that symbol (by means of a POST method). I use the following sql statements in sell.php (the controller):

query("DELETE FROM userstocks WHERE id = ".$_SESSION["id"]." 
                                     AND symbol = ". $_POST["symbol"] ) ;  
query("UPDATE users SET cash = cash + 200 WHERE id = " . $_SESSION["id"]) ;   
render("sellconfirmation.php", ["cash" => $cash]); 

There is something wrong with the DELETE FROM query, though. I get the following error:

Fatal error: Unknown column 'fb' in 'where clause' in /home/jharvard/vhosts/pset7/includes/functions.php on line 139

I think this is strange, because when I manually type in the actual 'fb' stock (as in: AND symbol = 'symbol' ) it all works perfectly well. I want the website to delete the stock based on what the user typed in though.

Question: What's wrong with the DELETE FROM query?


Solution

Add quote to symbol

query("DELETE FROM userstocks WHERE id = " . $_SESSION["id"] . " 
                   AND symbol = '". $_POST["symbol"]."'" ) ; 

EDIT:

Also use mysqli_real_escape_string or PDO::quote to secure your string.
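The same "sell" step written with PDO prepared statements, as an added example that is not the asker's or answerer's code: the symbol is bound as a parameter, so the quoting problem from the question cannot happen and no manual escaping is needed. It assumes a PDO connection `$db` to the `userstocks` and `users` tables named in the question (the demo below builds them in SQLite); the flat `+ 200` credit mirrors the question's UPDATE and is not a real price.

```php
<?php
declare(strict_types=1);

// Sell every holding of $symbol for $userId and credit the account.
// Returns the number of holdings removed. Hypothetical helper for this example.
function sellStock(PDO $db, int $userId, string $symbol): int
{
    // Both statements must succeed or neither should: wrap them in a transaction.
    $db->beginTransaction();
    try {
        // Placeholders instead of string concatenation: the driver sends the
        // symbol as data, so 'fb' and a symbol containing quotes are both
        // treated as plain values, never as SQL.
        $delete = $db->prepare(
            'DELETE FROM userstocks WHERE id = :id AND symbol = :symbol'
        );
        $delete->execute([':id' => $userId, ':symbol' => $symbol]);
        $deleted = $delete->rowCount();

        // Only credit the account if a holding was actually removed.
        if ($deleted > 0) {
            $credit = $db->prepare(
                'UPDATE users SET cash = cash + 200 WHERE id = :id'
            );
            $credit->execute([':id' => $userId]);
        }
        $db->commit();
        return $deleted;
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, cash INTEGER)');
$db->exec('CREATE TABLE userstocks (id INTEGER, symbol TEXT, shares INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 1000)");
$db->exec("INSERT INTO userstocks VALUES (1, 'fb', 10), (1, 'goog', 2)");

// In sell.php these would be $_SESSION["id"] and $_POST["symbol"].
$removed = sellStock($db, 1, 'fb');
$cash = $db->query('SELECT cash FROM users WHERE id = 1')->fetchColumn();
echo "removed $removed holding(s); cash is now $cash\n"; // removed 1 holding(s); cash is now 1200
```

With MySQL the only change is the DSN passed to `new PDO(...)`; the prepared statements are identical.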

OTHER TIPS

You missed closing the quote in the delete query. Try this

query("DELETE FROM userstocks WHERE id = " . $_SESSION["id"] . " 
                          AND symbol = '". $_POST["symbol"]."'" ) ; 
Licensed under: CC-BY-SA with attribution