Wrong PHP code?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
johnmergene
Forum Newbie
Posts: 16
Joined: Tue Nov 15, 2011 5:51 am

Wrong PHP code?

Post by johnmergene »

[text]Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Mod,Ads,On,Accepted,Sched,Location) VALUES ('xxxxxxxxxxx@xxxxxxxxxxx.xxx','xxxxxxxxxx' at line 1[/text]

Code: Select all

<?php
session_start();
session_destroy();
$con = mysql_connect("xxxxxxxxxxxxxxxxxxx.xxxxxxxxx.xxx","xxxxxx_accounts","xxxxxxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("xxxxxxxxxx_accounts", $con);
$sql="INSERT INTO Account (EmailAdd,Password,Name,DJ,Mod,Ads,On,Accepted,Sched,Location)
VALUES
('$_POST[Emailadd]','$_POST[Password]','$_POST[Name]','$_POST[DJ]','None','None','no','no','None','$_POST[Location]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
header('Location: http://xxxxxxxxxxxxxxxx.xxxxxxxxxxxxxx.xxx/index.html');
mysql_close($con)
?> 
:yawn: can anyone tell me what is wrong? i think , codes are not wrong.
Thanks.
Last edited by Benjamin on Wed Nov 16, 2011 4:31 am, edited 1 time in total.
Reason: Added [syntax=php||htm||css||javascript||sql||etc] - Please use [syntax] tags when posting code in the forums! Thanks.
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Wrong PHP code?

Post by twinedev »

MOD is a mySQL function. You need to wrap it in the quoting the mySQL uses, backticks ( ` )

Code: Select all

$sql = sprintf('INSERT INTO `Account` (`EmailAdd`,`Password`,`Name`,`DJ`,`Mod`,`Ads`,`On`,`Accepted`,`Sched`,`Location`) ' .
               'VALUES ("%s","%s","%s","%s","None","None","no","no","None","%s")',
                   mysql_real_escape_string($_POST['Emailadd']),
                   mysql_real_escape_string($_POST['Password']), 
                   mysql_real_escape_string($_POST['Name']),
                   mysql_real_escape_string($_POST['DJ']),
                   mysql_real_escape_string($_POST['Location'])
              );
Oh, and do a search on here for "hash salt peppper" to find threads on how to properly handle passwords.
johnmergene
Forum Newbie
Posts: 16
Joined: Tue Nov 15, 2011 5:51 am

Re: Wrong PHP code?

Post by johnmergene »

Thanks.. I love this forum. lol
Post Reply