  1. #1

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL

    Here is my code; my host, root, and password have been replaced with "N/A":
    PHP Code:
    <?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect("N/A", "N/A", "N/A");
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db("sources");
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $fname = clean($_POST['fname']);
    $lname = clean($_POST['lname']);
    $email = clean($_POST['email']);
    $password = clean($_POST['password']);
    $password2 = clean($_POST['password2']);

    //Input Validations
    if($fname == '') {
        $errmsg_arr[] = 'First name missing';
        $errflag = true;
    }
    if($lname == '') {
        $errmsg_arr[] = 'Last name missing';
        $errflag = true;
    }
    if($email == '') {
        $errmsg_arr[] = 'Email missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    if($password2 == '') {
        $errmsg_arr[] = 'Confirm password missing';
        $errflag = true;
    }
    if( strcmp($password, $password2) != 0 ) {
        $errmsg_arr[] = 'Passwords do not match';
        $errflag = true;
    }

    //Check for duplicate emails
    if($email != '') {
        $qry = "SELECT * FROM `users` WHERE 1`$email'";
        $result = mysql_query($qry);
        if($result) {
            if(mysql_num_rows($result) > 0) {
                $errmsg_arr[] = 'Email already in use';
                $errflag = true;
            }
            @mysql_free_result($result);
        }
        else {
            die(mysql_error());
        }
    }

    //If there are input validations, redirect back to the registration form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: index.php");
        exit();
    }

    //Create INSERT query
    $qry = "INSERT INTO 'users'(fname, lname, email, pswd) VALUES('$fname','$lname','$email','".md5($_POST['password'])."')";
    $result = mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        header("location: register-success.php");
        exit();
    }else {
        die(mysql_error());
    }
    ?>
    Now I keep getting this error from the email I submit in the form on my website: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`exampleuser@example.com'' at line 1.

    What's happening?

  • #2
    You need to know where the error is coming from. You have three points where the query could fail. Add a txt to each so we can see what query is failing. I would suggest it will be Q2 or Q3.

    What you should do is put:

    PHP Code:
    die("Fail 1".mysql_error()); 
    Obviously change "Fail 1" to 2 and 3, then you can see where the query is failing.

    If I were to hazard a guess I would question this query as being the culprit

    PHP Code:
    $qry = "INSERT INTO 'users'(fname, lname, email, pswd) VALUES('$fname','$lname','$email','".md5($_POST['password'])."')";
    Try completing your md5 before you run the query. Also INSERT INTO 'users' should not be in quotes, you could use back quotes `users`. Personally I am a fan of '{}' php into a query string, much easier to read, but not a requirement. E.g.

    PHP Code:
    $thepass = md5($_POST['password']);
    $qry = "INSERT INTO `users`(fname, lname, email, pswd) VALUES('$fname','$lname','$email','$thepass')";
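
The registration flow from this thread rewritten with bound parameters, as an added example that is not part of either post. It assumes PDO with an in-memory SQLite database so it runs offline, keeps the `users` table and column names from the original code, and replaces the duplicate-email check with `WHERE email = ?`; the quoted error text begins at the backtick before the address, a character that appears only in the original SELECT.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The SQLite DSN is an assumption
// made so the example runs offline; table and column names come from the post.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE makes the database the final arbiter of duplicates, closing the
    // race between the SELECT check and the INSERT.
    $pdo->exec('CREATE TABLE users (
        fname TEXT NOT NULL, lname TEXT NOT NULL,
        email TEXT NOT NULL UNIQUE, pswd TEXT NOT NULL)');
    return $pdo;
}

function register_user(PDO $pdo, string $fname, string $lname, string $email, string $password): string
{
    // The value is bound, never spliced into the SQL text, so a stray quote
    // or backtick in the input cannot change the statement's syntax.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return 'Email already in use';
    }

    $insert = $pdo->prepare(
        'INSERT INTO users (fname, lname, email, pswd) VALUES (?, ?, ?, ?)'
    );
    try {
        // password_hash() salts and stretches the password; md5() does neither.
        $insert->execute([$fname, $lname, $email, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate email).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'Email already in use';
        }
        throw $e;
    }
    return 'ok';
}

// Constructed sample input, including an address containing quote characters.
$pdo = open_db();
echo register_user($pdo, 'Ann', 'Lee', 'exampleuser@example.com', 'pw-1'), "\n";
echo register_user($pdo, 'Ann', 'Lee', 'exampleuser@example.com', 'pw-2'), "\n";
echo register_user($pdo, "O'Neil", 'Ray', "o'neil`@example.com", 'pw-3'), "\n";
```

Hashes written by `password_hash()` are checked at login with `password_verify()`, not by recomputing and comparing strings.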

