kof20012 Posted July 10, 2008 Share Posted July 10, 2008 hi, i have change my server program recently and when i open the webpages, it appears an error: BTW i have change from PHPtriad to WAMP You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'primeiro_nome'];?>', '', '', ' at line 2 someone can help me out? regards Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 10, 2008 Share Posted July 10, 2008 I find it funny when people give us the error message and expect us to know what the error is in their code... without giving us the code! dude... please give your code. Quote Link to comment Share on other sites More sharing options...
kof20012 Posted July 10, 2008 Author Share Posted July 10, 2008 i dont know which code is this, thats my problem... i already try to find the damn code, and i coulnd find out. im gonna post the 2 pages that is related <?php include $_SERVER['DOCUMENT_ROOT'].'/TFC/Layout.php'; $ligacao=mysql_pconnect('localhost', 'Root', '') or die("Problemas de ligaçao"); mysql_select_db("TFC", $ligacao); switch ($_REQUEST['req']) { case "process": //validar todos os pontos if (!$_POST['primeiro_nome'] || !$_POST['ultimo_nome'] || !$_POST['telefone'] || !$_POST['email'] || !$_POST['email2'] || !$_POST['username'] || !$_POST['password'] || !$_POST['password2'] || !$_POST['bio']) { $erro=true; $erros .= "<strong><font color=\"red\">Erros:". "</strong>\n\n"; if (!$_POST['primeiro_nome'] ) { $erros.="Falta Primeiro Nome\n"; } if (!$_POST['ultimo_nome'] ) { $erros.="Falta Ultimo Nome\n"; } if (!$_POST['email'] ) { $erros.="Falta o Email\n"; $email_error=true; } if (!$_POST['email2'] ) { $erros.="Falta o Email de verificaçao\n"; $email_error=true; } if (!$_POST['username'] ) { $erros.="Falta username\n"; } if (!$_POST['password'] ) { $erros.="Falta a password\n"; } if (!$_POST['password2'] ) { $erros.="Falta a password \n"; $password_error=true; } if (!$_POST['bio'] ) { $erros.="Falta a biografia\n"; } } //se os 2 email's sao validos if ($email_error== false) { if($_POST['email'] != $_POST['email2']) { $erro=true; $erros.="Email nao coincidem um com o outro!!\n\n"; $email_error=true; } } //se as 2 passwords sao validas if ($password_error== false) { if($_POST['password'] != $_POST['password2']) { $erro=true; $erros.="Passwords nao coincidem uma com o outra!!\n\n"; $password_error=true; } } if($email_error == false) { //verifica se o email ja foi usado //$contaEmail->contaEmail; $result=mysql_query("select count(*) as contaEmail from membros where email = '{$_POST['email']}'",$ligacao); $contaEmail=mysql_fetch_object($result); //se o email ja existir, mensagem de erro if ($contaEmail > 0) { $erro = true; $erros .= "Email ja usado". "use outro"; } } //verifica se o username ja foi usado $ligacao=mysql_pconnect('localhost', 'ODBC', '') or die("Problemas de ligaçao"); mysql_select_db("TFC", $ligacao); //$contaUsername->contaUsername; $query='select count(*) as contaUsername from membros where username = \''.$_POST['username'].'\''; $result=mysql_query($query,$ligacao); //$result=mysql_query('select count (*) as contaUsername from membros where username = \''.$_POST['username'].'\';',$ligacao); echo $query; //$result=mysql_query("SELECT COUNT(*) FROM membros WHERE username = '$_POST[username]' ",$ligacao); $row=mysql_fetch_assoc($result); //echo $row['COUNT(*)']; //$result=mysql_query("SELECT COUNT(id) FROM membros WHERE username = '{$_POST[username]}' ",$ligacao); //$row=mysql_fetch_assoc($result); //echo $row['COUNT(id)']; //se o username ja existir, mensagem de erro if ($contaUsername > 0) { $erro = true; $erros .= "Username ja usado". "use outro"; } //se o erro for TRUE, usa a pagina de registo com os erros encontrados if ($erro == true) { $erros = nl2br ($erros); //da a string com um Break include $_SERVER['DOCUMENT_ROOT']. '/TFC/registoUtilizadores.php'; } $sql = @mysql_query ("INSERT INTO membros (primeiro_nome, ultimo_nome, email, bio, username, password) VALUES ('$_POST[primeiro_nome]', '$_POST[ultimo_nome]', '$_POST[email]', '$_POST[bio]', '$_POST[username]', '".md5($_POST[password])."') "); //'$_POST[password]') if(!$sql) { echo "Erro a introduzir informacao para o MySQL: ".mysql_error(); // corpo(); exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php $ligacao=mysql_pconnect('localhost', 'ODBC', '') or die("Problemas de ligaçao"); mysql_select_db("TFC", $ligacao); if ($erros) { echo "<p align=\"center\"><font size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\" color=\"FF0000\"> $errors</font></p> \n"; } ?> <form method="post" action="join.php"> <table width="50%" border="1" align="center" cellpadding="4" cellspacing="0"> <tr> <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Primeiro Nome</font></td> <td width="179" align="left" valign="top"><input name="primeiro_nome" type="text" id="primeiro_nome" value="<?=$_POST['primeiro_nome'];?>" /></td> </tr> <tr> <td width="200" align="left" valign="top" nowrap=><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Ultimo Nome</font></td> <td width="179" align="left" valign="top"><input name="ultimo_nome" type="text" id="ultimo_nome" value="<?=$_POST['ultimo_nome'];?>" /></td> </tr> <tr> <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Email</font></td> <td width="179" align="left" valign="top"><input name="Email" type="text" id="Email" value="<?=$_POST['email'];?>" /></td> </tr> <tr> <td align="left" valign="top" nowap><font size="2" face="verdana, arial, helvetica, sans-serif">Verificacao Email</font></td> <td align="left" valign="top"><input name="email_address2" type="text" id="email_address3" value="<?=$_POST['email2'];?>"></font></td> </tr> <tr> <td width='200' align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica,sana-serif">Username Desejada</font></td> <td align="left" valign="top"><input name="username" type="text" id="username" value="<?=$_POST['username'];?>"></td> </tr> <tr> <td width='200' align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica,sana-serif">Password</font></td> <td align="left" valign="top"><input name="Password" type="text" id="Password" value="<?=$_POST['password'];?>"></td> </tr> <tr> <td width='200' align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica,sana-serif">Password Again</font></td> <td align="left" valign="top"><input name="Password2" type="text" id="Password2" value="<?=$_POST['password2'];?>"></td> </tr> <tr> <td width='200' align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica,sana-serif">Tell us About yourself!</font></td> <td align="left" valign="top"><textarea name="bio"><?=$_POST['bio'];?></textarea></td> </tr> <tr> <td align="left" valign="top"> </td> <td align="left" valign="top"><input name="req" type="hidden" id="req" value="process" /> <input type="submit" name="submit" value="Submit Information!"></td> </tr> </table> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
fenway Posted July 10, 2008 Share Posted July 10, 2008 dude... please give your code. Please stop asking people to post their code -- we don't need to see their ENTIRE code! Just a single query. Quote Link to comment Share on other sites More sharing options...
kof20012 Posted July 10, 2008 Author Share Posted July 10, 2008 $sql = @mysql_query ("INSERT INTO membros (primeiro_nome, ultimo_nome, email, bio, username, password) VALUES ('$_POST[primeiro_nome]', '$_POST[ultimo_nome]', '$_POST[email]', '$_POST[bio]', '$_POST[username]', '".md5($_POST[password])."') "); Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 11, 2008 Share Posted July 11, 2008 dude... please give your code. Please stop asking people to post their code -- we don't need to see their ENTIRE code! Just a single query. his query probably[hopefully] is structured correctly. The issue is probably with how he has manipulated the variables, and not added slashes and such. Just seeing the query itself wont help much Quote Link to comment Share on other sites More sharing options...
fenway Posted July 11, 2008 Share Posted July 11, 2008 dude... please give your code. Please stop asking people to post their code -- we don't need to see their ENTIRE code! Just a single query. his query probably[hopefully] is structured correctly. The issue is probably with how he has manipulated the variables, and not added slashes and such. Just seeing the query itself wont help much Which is why I asked to see the QUERY, not the PHP CODE! Please echo that query string and post it here... I don't need code, mysql doesn't have any. Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 11, 2008 Share Posted July 11, 2008 @fenway, This is a perfect example of why we needed the code. The error message he was receiving wasn't related to his query. Ok so kof200012, you have a few issues. Here's the first 2 I noticed: First, regarding your error message, you need to examine the line where it happens. value="<?=$_POST['primeiro_nome'];?> I think it may be bc some servers don't allow for just the <? to open php code. I also think it might be because there's no space between the ; and the ?>, but I could be wrong there. I also don't use that syntax to output a variable, but I think you may not need to have the semicolon. My suggestion: I always just do "<?php echo $variable; ?>" it's just a little bit bigger, but it ensures that it will do what is expected, rather than using shorthand which may or may not work. As for your query $sql = @mysql_query ("INSERT INTO membros (primeiro_nome, ultimo_nome, email, bio, username, password) VALUES ('$_POST[primeiro_nome]', '$_POST[ultimo_nome]', '$_POST[email]', '$_POST[bio]', '$_POST[username]', '".md5($_POST[password])."') "); When you use single quotes, everything is outputted literally. So variables don't work. You're gonna nee to replace the single quotes bwtween each $_POST with double quotes. You also are doing this the worst way possible. You NEED to escape and filter your data. If a form has so much as an apostrophe, you will get an error, but even worse, if they put malicious code, you're screwed. Quote Link to comment Share on other sites More sharing options...
kof20012 Posted July 11, 2008 Author Share Posted July 11, 2008 hi the space between the "...;?>" its the same, but i found the changing the <?=$_POST['primeiro_nome'];?> to <? echo $primeiro_nome ?>, it works perfectly i dont need even to change the stuff you said about the query. now that this problem is solved, i got another one that was already hapenning before i have change the PHPTRIAD to WAMP, the email doesnt register in the Data Base. about the other part i dont quite understand what do you mean... When you use single quotes, everything is outputted literally. So variables don't work. You're gonna nee to replace the single quotes bwtween each $_POST with double quotes. You also are doing this the worst way possible. You NEED to escape and filter your data. If a form has so much as an apostrophe, you will get an error, but even worse, if they put malicious code, you're screwed. Quote Link to comment Share on other sites More sharing options...
fenway Posted July 14, 2008 Share Posted July 14, 2008 @fenway, This is a perfect example of why we needed the code. The error message he was receiving wasn't related to his query. ..... As for your query $sql = @mysql_query ("INSERT INTO membros (primeiro_nome, ultimo_nome, email, bio, username, password) VALUES ('$_POST[primeiro_nome]', '$_POST[ultimo_nome]', '$_POST[email]', '$_POST[bio]', '$_POST[username]', '".md5($_POST[password])."') "); When you use single quotes, everything is outputted literally. So variables don't work. So the error WAS with the query -- amongst other things. Quote Link to comment Share on other sites More sharing options...
kof20012 Posted July 14, 2008 Author Share Posted July 14, 2008 i think the problem is the change for mysql new version dont know the difference between the 2 versions :S Quote Link to comment Share on other sites More sharing options...
fenway Posted July 14, 2008 Share Posted July 14, 2008 i think the problem is the change for mysql new version dont know the difference between the 2 versions :S From what to what? And I still don't see the echo'd version of that query string. Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 15, 2008 Share Posted July 15, 2008 So the error WAS with the query -- amongst other things. no dude, the query, syntax-wise, is fine. Whether its a single quote or double, it's going to insert something into the database. The issue lied with the way he was trying to output the variable. and until he does it correctly(i.e. one of the ways I suggested), he's gonna continue to get an error. Quote Link to comment Share on other sites More sharing options...
kof20012 Posted July 15, 2008 Author Share Posted July 15, 2008 i change the $_post to echo etc, i now working, but still i cannot save the email in DB :S any suggestings? thanks for the tip Quote Link to comment Share on other sites More sharing options...
fenway Posted July 15, 2008 Share Posted July 15, 2008 So the error WAS with the query -- amongst other things. no dude, the query, syntax-wise, is fine. Whether its a single quote or double, it's going to insert something into the database. The issue lied with the way he was trying to output the variable. and until he does it correctly(i.e. one of the ways I suggested), he's gonna continue to get an error. Inserting "something" wasn't the goal... and it would have been obvious from a echo. And since the OP is still having issues, I'd still like to see it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.