Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 15 of 15
  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    mysql_query insert

    PHP Code:
    mysql_query("INSERT INTO Player (`name`, `password`, `attack`, `strength`, `defense`, `agility`, `dexterity`, `gold`, `level`, `email`) VALUES('".mysql_real_esacpe_string($_POST['account_name'])."','"mysql_real_escape_string(md5($_POST['password']))."','".mysql_real_escape_string($_POST['email'])."','10','10','10','10','10','100','1'") or die('Server Error: ' mysql_error()); 
    I am getting a error message saying:Server Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

    Though I don't see anything wrong with it.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Change your
    Code:
    mysql_query("INSERT INTO Player (`name`, `password`, `attack`, `strength`, `defense`, `agility`, `dexterity`, `gold`, `level`, `email`) VALUES('".mysql_real_esacpe_string($_POST['account_name'])."','". mysql_real_escape_string(md5($_POST['password']))."','".mysql_real_escape_string($_POST['email'])."','10','10','10','10','10','100','1'") 
    or die('Server Error: ' . mysql_error());
    to
    PHP Code:
    echo $sql="INSERT INTO Player (`name`, `password`, `attack`, `strength`, `defense`, `agility`, `dexterity`, `gold`, `level`, `email`) VALUES('".mysql_real_esacpe_string($_POST['account_name'])."','"mysql_real_escape_string(md5($_POST['password']))."','".mysql_real_escape_string($_POST['email'])."','10','10','10','10','10','100','1'";
    mysql_query($sql) or die('Server Error: ' mysql_error()); 
    and carefully observe the parsed outputof $sql (obtained in the browser).
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I'm still getting the same error. I'm not to sure what is giving me this error. I can't figure it out.

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    I'm still getting the same error.
    I hadn't given any solution to your issue.
    Post your echoed output of $sql here.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    PHP Code:
    <?php
    $name 
    $_POST['account_name'];
    $password $_POST['password'];
    $retype_password $_POST['pass'];
    $email $_POST['email'];
    $email2 $_POST['email2'];

    $con mysql_connect('localhost","username","password");
    if(!$con) {
    die('
    Server Error' . mysql_error());
    }

    mysql_select_db('
    database', $con);

    $email = mysql_query("SELECT email FROM player WHERE email='
    $email'") or die('Server Error' . mysql_error());
    $check = mysql_num_rows($email);

    if($check['
    email'] > 1) {

    $error4 = "This email is already being used.";

    }

    if(isset($_POST['
    go'])) {

    if($_POST['
    account_name'] =='') {

    $error1 = '
    Please type in your account name.';

    }elseif($_POST['
    password'] =='' || $_POST['pass'] =='') {

    $error2 = '
    Please type in a password to use.';

    }elseif($_POST['
    password'] !='' && $_POST['pass'] !='' && $_POST['password'] != $_POST['pass']) {

    $error2 = "Your password doesn'
    t match!";

    }elseif($_POST['email'] =='' || $_POST['email2'] =='') {

    $error3 = "
    Please type in a email address";

    }elseif($_POST['email'] !='' && $_POST['email2'] !='' && $_POST['email'] != $_POST['email2']) {

    $error3 = "
    Your emails do not match.";

    }else {

    $con = mysql_connect('localhost','username','password');
    if(!$con) {
    die('Server Error: ' . mysql_error());
    }

    mysql_select_db('database', $con);

    mysql_query("
    INSERT INTO player (namepasswordattackstrengthdefenseagilitydexteritygoldlevelemailVALUES('$name','$password','10','10','10','10','10','100','1','$email'") or die('Server Error: ' . mysql_error());  



    }

    }

    ?>
    Last edited by Jon W; 03-16-2009 at 10:32 AM.

  • #6
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Would you please reread my first post?
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #7
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Code:
    $con = mysql_connect('localhost","username","password");
    replace ' with " in that place and follow abduraooft suggestion.

    best regards

  • #8
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    PHP Code:
    <?php
    if(isset($_POST['submit'])) {

    $con mysql_connect("localhost","username","password");
    if(!
    $con) {
    die(
    'Server Error: ' mysql_error());
    }

    mysql_select_db("mydatabase"$con);

    $email $_POST['address'];


    $comfirm mysql_query("SELECT email FROM users WHERE email='$email'") or die('Server Error: ' mysql_error());
    $check mysql_num_rows($comfirm);

    if(
    $check >= 1) {

    $error "This email address is already being used.";

    }

    mysql_close($con);

    if(
    $_POST['account_name'] =='') {

    $error "You must fill in a account name.";

    }elseif(
    $_POST['password'] =='' || $_POST['pass'] =='') {

    $error "Please fill in a password.";

    }elseif(
    $_POST['password'] != $_POST['pass']) {

    $error "These passwords do not match!";

    }elseif(
    $_POST['address'] =='' || $_POST['email'] =='') {

    $error "Please fill in your email.";

    }elseif(
    $_POST['address'] != $_POST['email']) {

    $error "Your emails do not match!";

    }else {

    $con mysql_connect("localhost","username","password);
    if(!$con) {
    die('Server Error: ' . mysql_error());
    }

    mysql_select_db("
    mydatabase", $con);


    $account_name = $_POST['account_name'];
    mysql_real_escape_string($account_name);
    $email = $_POST['address'];
    mysql_real_escape_string($email);
    $password = $_POST['password'];
    mysql_real_escape_string(md5($password));
    $pass = $_POST['pass'];
    mysql_real_escape_string(md5($pass));
    $email = $_POST['address'];
    mysql_real_escape_string($email);
    $email2 = $_POST['email'];
    mysql_real_escape_string($email2);

    mysql_query("
    INSERT INTO users (`name`, `password`, `email`) VALUES('". $_POST['account_name'] ."''". $_POST['password'] ."','". $_POST['email'] ."'") or die('Server Error: ' . mysql_error());                             


    }

    }
    ?>
    Could someone to explain to me what and why everytime no matter what I seem to do I get the following error: Server Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

    I know the details are limited but it truely has me going crazy trying to figure this one out. I've been over this code a hundred times I've looked at other PHP scripts that are almost the same code which happens to work fine and I just can't see whats wrong with this...

    Help!! lol
    Last edited by Jon W; 03-17-2009 at 02:46 AM.

  • #9
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Does anyone have a clue?

  • #10
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by abduraooft View Post
    Change your
    Code:
    mysql_query("INSERT INTO Player (`name`, `password`, `attack`, `strength`, `defense`, `agility`, `dexterity`, `gold`, `level`, `email`) VALUES('".mysql_real_esacpe_string($_POST['account_name'])."','". mysql_real_escape_string(md5($_POST['password']))."','".mysql_real_escape_string($_POST['email'])."','10','10','10','10','10','100','1'") 
    or die('Server Error: ' . mysql_error());
    to
    PHP Code:
    echo $sql="INSERT INTO Player (`name`, `password`, `attack`, `strength`, `defense`, `agility`, `dexterity`, `gold`, `level`, `email`) VALUES('".mysql_real_esacpe_string($_POST['account_name'])."','"mysql_real_escape_string(md5($_POST['password']))."','".mysql_real_escape_string($_POST['email'])."','10','10','10','10','10','100','1'";
    mysql_query($sql) or die('Server Error: ' mysql_error()); 
    and carefully observe the parsed outputof $sql (obtained in the browser).
    Quote Originally Posted by abduraooft View Post
    I hadn't given any solution to your issue.
    Post your echoed output of $sql here.
    Quote Originally Posted by abduraooft View Post
    Would you please reread my first post?
    Quote Originally Posted by oesxyl View Post
    Code:
    $con = mysql_connect('localhost","username","password");
    replace ' with " in that place and follow abduraooft suggestion.

    best regards
    Quote Originally Posted by Jon W View Post
    Does anyone have a clue?
    ???

    best regards

  • #11
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Okay, so all of that I have done. I have echo the Mysql query out on to the page. It looks totally fine. I did fix the typo, that was a typo when I was editing the user name and password to post the PHP. I've gone through the code more then once now. Each and every time I get the same exact error.

    Code:
    INSERT INTO users username, password, email VALUES 'jon', 'password','myemailaddress'
    That is what the query looks like when I echo it on the page.

  • #12
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    you miss another " after password.
    Code:
    $con = mysql_connect("localhost","username","password");
    PHP Code:
    <?php
    $con 
    mysql_connect("localhost","username","password");
    if(!
    $con) {
    die(
    'Server Error: ' mysql_error());
    }

    mysql_select_db("mydatabase"$con);


    $account_name $_POST['account_name'];
    mysql_real_escape_string($account_name);
    $email $_POST['address'];
    mysql_real_escape_string($email);
    $password $_POST['password'];
    mysql_real_escape_string(md5($password));
    $pass $_POST['pass'];
    mysql_real_escape_string(md5($pass));
    $email $_POST['address'];
    mysql_real_escape_string($email);
    $email2 $_POST['email'];
    mysql_real_escape_string($email2);

    mysql_query("INSERT INTO users (`name`, `password`, `email`) VALUES('"$_POST['account_name'] ."', '"$_POST['password'] ."','"$_POST['email'] ."'") or die('Server Error: ' mysql_error());                             


    }

    }
    ?>
    Quote Originally Posted by Jon W View Post
    Okay, so all of that I have done. I have echo the Mysql query out on to the page. It looks totally fine. I did fix the typo, that was a typo when I was editing the user name and password to post the PHP. I've gone through the code more then once now. Each and every time I get the same exact error.

    Code:
    INSERT INTO users username, password, email VALUES 'jon', 'password','myemailaddress'
    That is what the query looks like when I echo it on the page.
    that could because of missing ", but also could be a problem with the query.
    correct the quote, I suggest you to use a editor with highlight syntax.

    add to the top of your file this:
    PHP Code:
    ini_set('display_error',1);
    error_reporting(E_ALL); 
    best regards

  • #13
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You should also secure these with proper escaping.
    I see you're doing some mysql_real_escape_string; however, its incorrect. MySQL_real_escape_string does not alter a reference, it takes a string and returns a string. Later in you're query, you've gone back to using the $_POST directly.
    PHP Code:

    $name 
    mysql_real_escape_string($_POST['account_name']);
    $password md5($_POST['password']);
    $email mysql_real_escape_string($_POST['email']);

    mysql_query("INSERT INTO users (`name`, `password`, `email`) VALUES('"$name ."', '"$password ."','"$email ."'") or die('Server Error: ' mysql_error()); 
    If you're using an md5 or similar hash, you won't actually need to escape it. The results are always hex digits, so you'll never have a ' or invalid character in it.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #14
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I've figure this problem out. The problem was that I had a ) outside of the mysql_query

    Good Query

    PHP Code:
    mysql_query("INSERT INTO users (`username`,`password`,`email`,`attack`,`strength`,`defense`,`agility`,`dexterity`,`gold`,`level`) VALUES('".$_POST['account_name']."','"md5($_POST['password']) ."','"$_POST['email'] ."','10','10','10','10','10','100','1')") or die('Server Error: ' mysql_error()); 
    Bad Query ...

    PHP Code:
    mysql_query("INSERT INTO users (`username`,`password`,`email`,`attack`,`strength`,`defense`,`agility`,`dexterity`,`gold`,`level`) VALUES('".$_POST['account_name']."','"md5($_POST['password']) ."','"$_POST['email'] ."','10','10','10','10','10','100','1'")) or die('Server Error: ' mysql_error()); 
    Notice at the very end of it that the ) are two on the outside of the query.

    Bad

    PHP Code:
    '10','10','100','1'")) 
    Good

    PHP Code:
    '10','10','100','1')") 
    Thanks a lot for all of the help.

  • #15
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    keep in mind to correct what Fou-Lu said else mysql_real_escape_string is useless.

    best regards


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •