A Strange Sql error in syntax

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

A Strange Sql error in syntax

Post by tekgen »

I'll just say right off the bat that this isn't the same as what the other guy posted. So... ya.

I'm making a simple register php with the following code:

Code: Select all

<?php
include ('config.php');
$user=$_POST['user1'];
$pass=$_POST['pass1'];
$firstn=$_POST['firstn1'];
$lastn=$_POST['lastn1'];
$email=$_POST['email1'];
$query = "INSERT INTO accounts (ID,user,pass,firstn,lastn,email) VALUES (NULL,$user,$pass,$firstn,$lastn,$email)";
mysql_connect($localhost,$username,$password) or die("Unable to Connect");
@mysql_select_db($database) or die( "Unable to select database");
mysql_query($query) or die(mysql_error());
mysql_close();
echo "Went fine.";
?>
Note: There was code (<?php) on line 1 but then I moved it down one and still got:

Code: Select all

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,,)' at line 1
I'm baffled as to what this means, because line 1 is either blank or says <?php ....
Mysql version: 5.0.22 Community
And using the latest PHP version.

I'd greatly appreciate any help.
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Re: A Strange Sql error in syntax

Post by hrubos »

I think here

Code: Select all

$query = "INSERT INTO accounts (ID,user,pass,firstn,lastn,email) VALUES (NULL,'$user','$pass','$firstn','$lastn','$email')";
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

Ok..

Post by tekgen »

But what would I need to change to make it the right syntax?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

$user, $pass, etc won't exist unless your form with these input fields exist. You first need to check whether the form exists, and possibly assign default values incase those variables wern't sent..

Code: Select all

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

   $user = empty($_POST['user']) ? '' : mysql_real_escape_string($user);
   $pass = empty($_POST['pass']) ? '' : mysql_real_escape_string($pass);

   .. etc
Also, the next step it to sanitize your input. When dealing with mysql, at minimum pass your variables through mysql_real_escape_string() to avoid SQL injection.
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

Post by tekgen »

Ya I was only going to use escape string in login, but I wanted to get register working before I inputted more things to wrong into the solution.

The info is sent to register.php from register.html

Register.html

Code: Select all

<strong>Register Here.</strong>
<form action="register.php" method="post">
Username: 
  <input type="text" name="user1"><br>
Password: 
<input type="text" name="pass1"><br>
First Name: <input type="text" name="firstn1"><br>
Last Name: <input type="text" name="lastn1"><br>
E-mail: <input type="text" name="email1"><br>
<input type="Submit">
</form>
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

In Fact

Post by tekgen »

I tried to see if it was receiving the variables, but apparently not. I added an (or die) statement:
$user=$_POST['user1'] or die("Doesn't receive variable");

and get back 'doesn't receive variable'

So apparently the form isn't submitting correctly?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Run

Code: Select all

echo '<pre>';
print_r($_POST);
echo '</pre>';
at the top of your page. You'll notice your variables are being sent, except you just are referencing them wrong.

First Name: <input type="text" name="firstn1"><br>
Last Name: <input type="text" name="lastn1"><br>

are not the same as

$user=$_POST['user1'];
$pass=$_POST['pass1'];
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

..

Post by tekgen »

I'm afraid I don't understand,

I ran the the array and got back:

Array
(
[user] => user
[pass] => pass
[firstn] => first
[lastn] => last
[email] => email
)

isn't that what I want?

how are firstn and user mixed up?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Whoops, I got the input names mixed up. Either way, look in the array and you'll notice there is no $_POST['user1'] and $_POST['pass1'], only $_POST['user'] and $_POST['pass']
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

Post by tekgen »

If the HTML says to post it as [user1] and [pass1] then why are the variables showing up as [user] and [pass]


???? 8O
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Re: ..

Post by hrubos »

Try again with Jcart's advice, you will have what you want.
He thinked this :

Code: Select all

<?php
include ('config.php');
$user1=$_POST['user1'];
$pass1=$_POST['pass1'];
$firstn1=$_POST['firstn1'];
$lastn1=$_POST['lastn1'];
$email1=$_POST['email1'];
$query = "INSERT INTO accounts (ID,user,pass,firstn,lastn,email) VALUES (NULL,'$user1','$pass1','$firstn1','$lastn1','$emai1')";
mysql_connect($localhost,$username,$password) or die("Unable to Connect");
@mysql_select_db($database) or die( "Unable to select database");
mysql_query($query) or die(mysql_error());
mysql_close();
echo "Went fine.";
?>
Don't forget this_ ( ' ' ) in comand insert .okei?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Your browser may be using an older version (cached) page, make sure to clear you cache before checking if the page is working correctly. It may be good to verify that the page code is in fact what you think it is.
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

Post by tekgen »

Ok so I did refresh my page (damn..) 8O and I finally got
user1=user
pass1=pass

What do I have to have in insert? (' ') ?
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Post by hrubos »

tekgen wrote:Ok so I did refresh my page (damn..) 8O and I finally got
user1=user
pass1=pass

What do I have to have in insert? (' ') ?
plz, would you see carefully, here :

.....................VALUES (NULL,'$user1','$pass1','$firstn1','$lastn1','$emai1')";

So hope you will success.
tekgen
Forum Newbie
Posts: 8
Joined: Sun Dec 10, 2006 4:54 pm

Post by tekgen »

You were absolutely right, it worked. Thanks a bunch
Post Reply