what does this error message mean

[worldcomingtoanend]

SQL statement failed with error: 37000: [Microsoft] [ODBC SQL Server Driver] [sql Server] The name 'jackjack' in this context is not allowed. 
Only constants, expressions with Bridge and variables are permissible. Column names are not permissible .

 

here is the code that i have created to try and add user details to the database:

 

<?php

$con = odbc_connect("xxx","xxxx","xxxx") or die ("cannot find server");


$sql = 'insert into netpeople(
				name,
				email,
				username,
				password
				) 
				VALUES
				(
				"' . $_POST['name'] . '", 
				"' . $_POST['email'] . '",
				"' . $_POST['username'] . '",
				"' . md5($_POST['password']) . '"
				)';


$results = odbc_exec($con, $sql);
if (!$results) {
    print("SQL statement failed with error:\n");
    print(odbc_error($con).": ".odbc_errormsg($con)."\n");
  } else {
    print("One data row inserted.\n");
  }  

?>
<form name="registration_form" method="post">
Name:<input type="text" name="name"><br>
E-mail:<input type="text" name="email"><br>
Username:<input type="text" name="username"><br>
Password:<input type="password" name="password"><br>
Repeat password:<input type="password" name="password_confirmation">
<input type="submit" value="Register">
</form>

[PFMaBiSmAd]

You are using double-quotes around the values, which causes them to be treated as identifiers (i.e. column, table, or database names.)

 

You need to switch the use of quotes. Use double-quotes at the start and end of the php strings and use single-quotes inside the sql syntax.

[worldcomingtoanend]

thanks for replying me....but have tried that but it didnt help much........

[PFMaBiSmAd]

We cannot really help you with errors unless we see the error message and the code that produces the error.