[SOLVED] SQL Syntax Error

[Akenatehm]

Hey Guys,

 

I get the following error:

 

Could not insert commentYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''mysql_real_escape_string' at line 2

 

With the following script:

 

<?PHP

include "connect.php";
// Checks the database for a user with a particular user name
$check = mysql_query("select ID from users where username='$username' limit 1;");
// get a row count of the number of rows found
if(mysql_num_rows($check) == 1) {  echo "Username Already In Use.";
}
else {

if(isset($_POST['submit']))

{

   $username=$_POST['username'];

   $password=$_POST['password'];
   
   $email=$_POST['email'];

   if(strlen($username)<1)

   {

      print "You did not enter a username.";

   }

   else if(strlen($password)<1)

   {

      print "You did not enter a password.";

   }

   else

   {

    $insert = "INSERT INTO `users` (username,password,email)
    VALUES ('".mysql_real_escape_string
   ($username)."','".mysql_real_escape_string
   ($password)."','".mysql_real_escape_string
   ($email)."','".mysql_real_escape_string;
     
      mysql_query($insert) or die("Could not insert comment" . mysql_error());
      
        echo "User Added. <a href=\"home.html\">Click here</a> To Go Home.";
   }

  }
}
?>

 

Help would be great.

[Akenatehm]

Anyone?

[laPistola]

$check = mysql_query("select ID from users where username='$username' limit 1;");

 

should be

 

$check = "SELECT `id` FROM users WHERE username = '$username' limit 0,1";
$query = mysql_query($check,$DBconnetion);

 

makes better mark up

 

 

but to use the mysql_real_escape_string function do this

 

$insert = sprintf("INSERT INTO `users` (username,password,email) VALUES (%s,%s,%s)",
mysql_real_escape_string($username),
mysql_real_escape_string($password),
mysql_real_escape_string($email));