[SOLVED] You have an error in your SQL syntax; ... right syntax to use near '...

[synthvox]

For starters I know my #1 problem. I know very little about php/mysql. But at the moment my #2 problem is that something that has been working for the past 4 hours has suddenly stopped...

 

I've worked it down to having something to do with:

 

$q = "INSERT INTO users (password, name, email, username) VALUES ($p, $n, $e, $u)";

mysqli_query($dbc, $q) or die(mysqli_error($dbc));

 

I'm trying to make a registration page and it has worked fine up until about 5 minutes ago when it just stopped working (yes ctrl + z came to mind but unfortunately I do a lot very quickly without thinking about it so I don't remember what I did and ctrl + z only goes so far )... so I went through and put the "or die(mysqli_error($dbc))" line on the end of all my queries and systematicly removed them till this was the only one left, that's why I think the problem lies here...

 

upon trying to register:

name: Test 1

username: interrobang

email: [email protected]

password: password ($p is the SHA1 of password in the query. if that matters...)

 

my browser tells me:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1, [email protected], interrobang)' at line 1

 

common sense tells me that I should check the manual... but i don't really know what it intends me to check for...

 

hopefully somebody will be able to tell me whats wrong from what I've posted, otherwise i can get other pieces of code for you. thanks for any help

 

_____

 

upon re-reading this i noticed that the space between Test and 1 for $n is where the quoted code in the error starts... so i'm guessing i'm missing quotes somewhere...

 

I just tried registering something else without putting spaces or @'s or .'s in anything and it gives the the error:

 

Unknown column 'c22b5f9178342609428d6f51b2c5af4c0bde6a42' in 'field list'

 

sorry but looks like i have another problem

[bubbasheeko]

What type of field type do you have set up in the table.  I am curious as to why we only see the number 1 for the name should be.

[emehrkay]

$q = "INSERT INTO users (password, name, email, username) VALUES ($p, $n, $e, $u)";

mysqli_query($dbc, $q) or die(mysqli_error($dbc));

 

Maybe you should add quotes around your values

 

('$p', '$n' etc

[synthvox]

sorry i have no idea what the field type of a table is.

 

and yes i'll try putting quotes in, I tried ""'s earlier but that just put the $p in instead of whatever was stored in $p, i've read over the difference between " and ' like 20 times now but I guess I still don't really get what it is...

 

_________

 

 

just tried putting quotes (  '  ) in and they worked perfectly, if you wouldn't mind i'd still like an explanation of the difference between the two quotes though. thanks

[emehrkay]

what you have is a string

 

"INSERT INTO users (password, name, email, username) VALUES ($p, $n, $e, $u)";

 

when PHP (or any other language) sees another double quote that string will end unless it is escaped. So imagine if you had this.

 

"INSERT INTO users (password, name, email, username) VALUES (asdfsdf saf "asdsf", $n, $e, $u)";

 

Your variables will break the INSERT sting if they are strings. That handles the PHP-based errors.

 

Now if your columns (password, name, email, username) are the kind that stores text (varchar, text, date[time] etc), then you'll need to quote those strings to run the query. When that INSERT string is ran in MySQL, it will look like this

 

INSERT INTO users (password, name, email, username) VALUES ('asdfsdf saf "asdsf"', 'name', 'email address', 'user name');