A Strange Sql error in syntax
Posted: Sun Dec 10, 2006 5:11 pm
by tekgen
I'll just say right off the bat that this isn't the same as what the other guy posted. So... ya.
I'm making a simple register php with the following code:
Code: Select all
<?php
include ('config.php');
$user=$_POST['user1'];
$pass=$_POST['pass1'];
$firstn=$_POST['firstn1'];
$lastn=$_POST['lastn1'];
$email=$_POST['email1'];
$query = "INSERT INTO accounts (ID,user,pass,firstn,lastn,email) VALUES (NULL,$user,$pass,$firstn,$lastn,$email)";
mysql_connect($localhost,$username,$password) or die("Unable to Connect");
@mysql_select_db($database) or die( "Unable to select database");
mysql_query($query) or die(mysql_error());
mysql_close();
echo "Went fine.";
?>
Note: There was code (<?php) on line 1 but then I moved it down one and still got:
Code: Select all
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,,)' at line 1
I'm baffled as to what this means, because line 1 is either blank or says <?php ....
Mysql version: 5.0.22 Community
And using the latest PHP version.
I'd greatly appreciate any help.
Re: A Strange Sql error in syntax
Posted: Sun Dec 10, 2006 5:13 pm
by hrubos
I think here
Code: Select all
$query = "INSERT INTO accounts (ID,user,pass,firstn,lastn,email) VALUES (NULL,'$user','$pass','$firstn','$lastn','$email')";
Ok..
Posted: Sun Dec 10, 2006 5:14 pm
by tekgen
But what would I need to change to make it the right syntax?
Posted: Sun Dec 10, 2006 5:15 pm
by John Cartwright
$user, $pass, etc. won't exist unless your form with these input fields exists. You first need to check whether the form exists, and possibly assign default values in case those variables weren't sent.
Code: Select all
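if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Escape the submitted value itself; $user is not defined yet at this point
    $user = empty($_POST['user']) ? '' : mysql_real_escape_string($_POST['user']);
    $pass = empty($_POST['pass']) ? '' : mysql_real_escape_string($_POST['pass']);
    // ... etc
}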
Also, the next step is to sanitize your input. When dealing with mysql, at minimum pass your variables through mysql_real_escape_string() to avoid SQL injection.
Posted: Sun Dec 10, 2006 5:17 pm
by tekgen
Ya I was only going to use escape string in login, but I wanted to get register working before I inputted more things to go wrong into the solution.
The info is sent to register.php from register.html
Register.html
Code: Select all
<strong>Register Here.</strong>
<form action="register.php" method="post">
Username: <input type="text" name="user1"><br>
Password: <input type="text" name="pass1"><br>
First Name: <input type="text" name="firstn1"><br>
Last Name: <input type="text" name="lastn1"><br>
E-mail: <input type="text" name="email1"><br>
<input type="Submit">
</form>
In Fact
Posted: Sun Dec 10, 2006 5:23 pm
by tekgen
I tried to see if it was receiving the variables, but apparently not. I added an (or die) statement:
$user=$_POST['user1'] or die("Doesn't receive variable");
and get back 'doesn't receive variable'
So apparently the form isn't submitting correctly?
Posted: Sun Dec 10, 2006 5:25 pm
by John Cartwright
Run
Code: Select all
echo '<pre>';
print_r($_POST);
echo '</pre>';
at the top of your page. You'll notice your variables are being sent, except you just are referencing them wrong.
First Name: <input type="text" name="firstn1"><br>
Last Name: <input type="text" name="lastn1"><br>
are not the same as
$user=$_POST['user1'];
$pass=$_POST['pass1'];
..
Posted: Sun Dec 10, 2006 5:31 pm
by tekgen
I'm afraid I don't understand,
I ran the array and got back:
Array
(
[user] => user
[pass] => pass
[firstn] => first
[lastn] => last
[email] => email
)
isn't that what I want?
how are firstn and user mixed up?
Posted: Sun Dec 10, 2006 5:33 pm
by John Cartwright
Whoops, I got the input names mixed up. Either way, look in the array and you'll notice there is no $_POST['user1'] and $_POST['pass1'], only $_POST['user'] and $_POST['pass']
Posted: Sun Dec 10, 2006 5:36 pm
by tekgen
If the HTML says to post it as [user1] and [pass1] then why are the variables showing up as [user] and [pass]
????

Re: ..
Posted: Sun Dec 10, 2006 5:36 pm
by hrubos
Try again with Jcart's advice, you will have what you want.
He thought this:
Code: Select all
<?php
include ('config.php');
$user1=$_POST['user1'];
$pass1=$_POST['pass1'];
$firstn1=$_POST['firstn1'];
$lastn1=$_POST['lastn1'];
$email1=$_POST['email1'];
$query = "INSERT INTO accounts (ID,user,pass,firstn,lastn,email) VALUES (NULL,'$user1','$pass1','$firstn1','$lastn1','$email1')";
mysql_connect($localhost,$username,$password) or die("Unable to Connect");
@mysql_select_db($database) or die( "Unable to select database");
mysql_query($query) or die(mysql_error());
mysql_close();
echo "Went fine.";
?>
Don't forget this ( ' ' ) in the INSERT command, okay?
Posted: Sun Dec 10, 2006 5:41 pm
by feyd
Your browser may be using an older (cached) version of the page; make sure to clear your cache before checking if the page is working correctly. It may be good to verify that the page code is in fact what you think it is.
Posted: Sun Dec 10, 2006 5:46 pm
by tekgen
Ok so I did refresh my page (damn..)

and I finally got
user1=user
pass1=pass
What do I have to have in insert? (' ') ?
Posted: Sun Dec 10, 2006 5:48 pm
by hrubos
tekgen wrote:Ok so I did refresh my page (damn..)

and I finally got
user1=user
pass1=pass
What do I have to have in insert? (' ') ?
Please look carefully here:
.....................
VALUES (NULL,'$user1','$pass1','$firstn1','$lastn1','$email1')";
Hope you will succeed.
Posted: Sun Dec 10, 2006 6:36 pm
by tekgen
You were absolutely right, it worked. Thanks a bunch
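
The INSERT that ended up working still builds the SQL text by placing form values between quotes, so any value containing an apostrophe breaks the statement again. The following is an added example, not code from any poster in this thread: it applies the missing-field check and runs the same INSERT with PDO placeholders. The in-memory SQLite database, the `read_registration()` helper and the sample values are assumptions made so it runs offline.

```php
<?php
// Added example: table and field names follow the thread; the in-memory
// SQLite database and the sample values are constructed so this runs offline.
$fields = ['user1', 'pass1', 'firstn1', 'lastn1', 'email1'];

// Returns the submitted values in column order, or null if a field is missing/empty.
function read_registration(array $post, array $fields): ?array
{
    $values = [];
    foreach ($fields as $name) {
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            return null;
        }
        $values[] = trim($post[$name]);
    }
    return $values;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (ID INTEGER PRIMARY KEY, user TEXT, pass TEXT,
           firstn TEXT, lastn TEXT, email TEXT)');

// Constructed sample submission; in register.php this would be $_POST.
// pass is stored as-is to match the thread; real code would store password_hash().
$post = ['user1' => 'pat', 'pass1' => 'secret', 'firstn1' => 'Pat',
         'lastn1' => "O'Brien", 'email1' => 'pat@example.com'];

$values = read_registration($post, $fields);
if ($values === null) {
    exit("Missing form field\n");
}

// Quoting only: the apostrophe in O'Brien ends the string early, so the
// statement fails to parse, the same class of error as in the first post.
try {
    $db->exec("INSERT INTO accounts (user,pass,firstn,lastn,email)
               VALUES ('" . implode("','", $values) . "')");
} catch (PDOException $e) {
    echo "Interpolated query failed: ", $e->getMessage(), "\n";
}

// Placeholders: values are sent as data and never parsed as SQL.
$stmt = $db->prepare('INSERT INTO accounts (user,pass,firstn,lastn,email)
                      VALUES (?,?,?,?,?)');
$stmt->execute($values);
echo "Stored: ", $db->query('SELECT lastn FROM accounts')->fetchColumn(), "\n";
```

The same prepare/execute calls work against MySQL by changing only the PDO connection string.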