Jump to content

SQL Syntax Error - Php regiform

foreverandeveralone

By foreverandeveralone
in PHP Coding Help

 Share

Recommended Posts

foreverandeveralone Newbie

foreverandeveralone

Posted
Posted

Hi there!

Thanks for your time, and thank you for taking a look at my post, I really hope you can help me out ;)

 

I just started on php, and I'm currently trying to develop a login/registration system. The login part works fine, but I'm getting this mysql error when i execute my registration code:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' ('username', 'password', 'email', 'name') VALUES ('test','098f' at line 1

 

I have been trying to troubleshoot this for hours now, and decided to turn to professionals  :shrug:

Below is my code and explanations  for the registration.

 

(register.php) The visual part. There shouldn't be any bugs here.

<?php session_start();?>

<html>
<head>
<title>SHAT Registration</title>
<link rel="stylesheet" type"text/css" href="style.css">
</head>

<body>
<div class="loginform">
<center>
<img src="logo.png">
<h3> -the only place thats cool enough</h3>
<br>
</center>

<?php
if (!isset($_SESSION['uid'])) {
echo "<p>Please Register or <a href='index.php'>Log in</a></p>";
} else {
header( 'Location: shat.php' ) ;
}

?>

<table border="0" cellspacing="3" cellpadding="3">
<form method="post" action="registration.php">
<tr><td>Username</td><td><input type="text" name="username"></td></tr>
<tr><td>Password</td><td><input type="password" name="password"></td></tr>
<tr><td>Confirm</td><td><input type="password" name="passconf"></td></tr>
<tr><td>E-mail</td><td><input type="text" name="email"></td></tr>
<tr><td>Name</td><td><input type="text" name="name"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Register!"></td></tr>
</form></table>

</div>
</body>
</html>

(functions.php) The security and connection code.

<?php

function protect ($string) {
$string = mysql_real_escape_string($string);
$string = strip_tags ($string);
$string = addslashes($string);

return $string;

}

function connect () {
$con = mysql_connect("localhost", "root", "lol123") or die (mysql_error());
$db = mysql_select_db("login", $con);
}

?>

 

(registration.php) The main part, errorcheck insert etc.

<?php
include_once "functions.php";

connect();

$username = protect ($_POST['username']);
$password = protect ($_POST['password']);
$confirm = protect ($_POST['passconf']);
$email = protect ($_POST['email']);
$name = protect ($_POST['name']);

$errors = array();


	if (!$username) {
		$errors[] = "Username is not defined!?";
		}

		if (!$password) {
		$errors[] = "Password is not defined!?";
		}

		if ($password) {
			if (!$confirm) {
			$errors[] = "Confirmation password is not defined!?";
			}
		}

		if (!$email) {
			$errors[] = "E-mail is not defined!?";
			}

		if (!$name) {
			$errors[] = "Name is not defined!?";
			}

			if($username) {
				if(!ctype_alnum ($username)) {
					$errors[] = "Username can only contain numbers and letters!";
					}
				$range = range(1,32);
				if(!in_array(strlen($username),$range)){
				$errors[] = "Username too long!";
            }
        }

		if($email){
			$checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
				if(!preg_match($checkemail, $email)){
				$errors[] = "E-mail is not valid, must be name@server.tld!";
				}
			}

		if($name){
            $range2 = range(3,64);
            if(!in_array(strlen($name),$range2)){
                $errors[] = "Your name might be to short... or too long! How long is your name really niggurh?!";
            }
        }

	if ($username) {
		$sql = "SELECT * FROM users WHERE username ='($username)'";
		$res = mysql_query($sql) or die (mysql_error());

			if(mysql_num_rows($res) > 0) {
				$errors[] = "The username is already taken!";
				}
	}
	if($email){
		$sql2 = "SELECT * FROM users WHERE email='($email)'";
		$res2 = mysql_query ($sql2) or die (mysql_error());
			if(mysql_num_rows($res2) > 0) {
			$errors[] = "E-mail is already registered!";
		}
	}

	if (count($errors) > 0){
		foreach($errors AS $error){
			echo $error . "<br>\n";
		}
		}else {
			$sql4 = "INSERT INTO 'users'
			('username', 'password', 'email', 'name')
			VALUES ('".$username."','".md5($password)."','".$email."','".$name."')";

			$res4 = mysql_query ($sql4) or die (mysql_error());
			echo "<b>".$username."</b>, you have successfully registered! Welcome to SHAT! Please <a href='index.php'>log in</a>";

			}

?>

 

Mysql info

Database: Login
Table: users
Columns: id, username, password, email, name

 

genius.png

Now this genius can tell that my problem is related to my, mysql. I just don't know how to fix it, I feel like Ive tried everything.

If anyone could help me with this, or give some advice, or maybe just link to a related post, I would appreciated it very much!

 

 

Link to comment
https://forums.phpfreaks.com/topic/259626-sql-syntax-error-php-regiform/
Share on other sites
dragon_sa Member

dragon_sa

Posted
Posted

the problem is here you have 'users' when it should just be users

$sql4 = "INSERT INTO 'users'
			('username', 'password', 'email', 'name')
			VALUES ('".$username."','".md5($password)."','".$email."','".$name."')";

 

And when you post sql queries be sure to remove database usernames and passwords from the code you put up

foreverandeveralone Newbie

foreverandeveralone

Posted
  • Author
Posted

Thank you for the reply  :D! although it gave me a new error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'password', 'email', 'name') VALUES ('test','098f6bcd4621d373ca' at line 2

 

But now i know what section my problem is in.

 

I still can't seem to figure out how to fix it... maybe I should get of the computer for a couple of hours and return...

foreverandeveralone Newbie

foreverandeveralone

Posted
  • Author
Posted

I know it may seem immature. But it breaks the everyday formal-straightforward-black&white-way-of-communication. Which tends to be the norm of many boards like this. I mean it's good and all, and very professional, but it gets really boring and "dry" in many cases  ;)

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.