Jump to content

[SOLVED] MySQL Query Error

pudge1

By pudge1
in MySQL Help

 Share

Recommended Posts

pudge1 Member

pudge1

Posted
Posted

$sql="INSERT INTO Users (userid, Username, Password, EMail, Account Type)

VALUES

(" . $count . "," . $username . "," . $password . "," . $_POST['email'] . "," . $at . ")";

$result = mysql_query($sql , $connection);

 

The problem I am having with the script is that it is not inserting the data. I am 99.99% sure that is the fault of the way I wrote up the $sql= line. Does anyone see what I did wrong?

 

EDIT: I forgot to mention. It IS connecting to the database just fine so that is NOT the problem.

Link to comment
https://forums.phpfreaks.com/topic/179123-solved-mysql-query-error/
Share on other sites
xtopolis Member

xtopolis

Posted
Posted

You can't have spaces in column names without denoting it as a name using backticks ( ` ).  (The issue is with the "account type" column).

 

$sql="INSERT INTO Users (userid, Username, Password, EMail, `Account Type`)
VALUES
(" . $count . "," . $username . "," . $password . "," . $_POST['email'] . "," . $at . ")";
$result = mysql_query($sql , $connection);

pudge1 Member

pudge1

Posted
  • Author
Posted

Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com,User)' at line 3 in

 

That is the error I get.

 

Thanks for whoever posted the new code, still broken though. I just don't see what is wrong I have looked it over a couple times and referred back to the manual.

DavidAM Member

DavidAM

Posted
Posted

You have to have quotes in the SQL around the values:

$sql="INSERT INTO Users (userid, Username, Password, EMail, `Account Type`)
VALUES
(" . $count . ",'" . $username . "','" . $password . "','" . $_POST['email'] . "','" . $at . "')";
$result = mysql_query($sql , $connection);

 

I know it's hard to see them but I added them in there.  echo $sql before executing it to see your query.

 

Also, VERY IMPORTANT, do not send user input directly to the database without sanitizing it first!!  Using $_POST['email'] in your query is not a good idea unless you have already done something to prevent SQL injections.  At the very least use mysql_real_escape_string($_POST['email']);.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.