Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3

Thread: Syntax Error!

  1. #1
    New Coder
    Join Date
    Mar 2009
    Posts
    16
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Syntax Error!

    Hi,
    I am a PHP and MySQL beginner. I have faced a problem but not really sure whether is from the PHP coding or MySQL. It seems like a very simple problem but I could not find out the error. It give a error msg as such 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near.......near line 1. Due to this matter, I can't proceed to add the data into the database.Can anybody give me some guidelines? Thanks.....

    <html>
    <body>
    <form action="adduser.php" method="post">
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <table align="center" width="380" height="250" border="0" cellpadding="0" cellspacing="0">
    <tr>
    <td width="170"><div align="left"><strong>Username</strong></div></td>
    <td width="10"><div align="center"><strong>:</strong></div></td>
    <td width="200"><input type="text" name="username" value="" /></td>
    </tr>
    <tr>
    <td><div align="left"><strong>Password</strong></div></td>
    <td><div align="center"><strong>:</strong></div></td>
    <td><input type="text" name="password" value="" /></td>
    </tr>
    <tr>
    <td><div align="left"><strong>Full Name</strong></div></td>
    <td><div align="center"><strong>:</strong></div></td>
    <td><input type="text" name="fullname" value="" /></td>
    </tr>
    <tr>
    <td><div align="left"><strong>IC Number</strong></div></td>
    <td><div align="center"><strong>:</strong></div></td>
    <td><input type="text" name="ic" value="" /></td>
    </tr>
    <tr>
    <td><div align="left"><strong>Telephone</strong></div></td>
    <td><div align="center"><strong>:</strong></div></td>
    <td><input type="text" name="telephone" value="" /></td>
    </tr>
    <tr>
    <td><div align="left"><strong>Email</strong></div></td>
    <td><div align="center"><strong>:</strong></div></td>
    <td><input type="text" name="email" value="" /></td>
    </tr>
    <tr>
    <td><div align="left"><strong>History</strong></div></td>
    <td><div align="center"><strong>:</strong></div></td>
    <td><input type="text" name="history" value="" /></td>
    </tr>
    </table>
    </p>
    <table align="center" width="100" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td><input type="submit" name="save" value="Save" onclick="location.href='adduser.php'"/></td>
    <td><input type = "reset" value = "Reset"></td>
    <td><input type="button" name="cancel" value="Cancel" onclick="location.href='Content.html'"/></td>
    </tr>
    </table>
    <p>&nbsp;</p>
    <div align = right>
    <p>
    <input type="button" name="cance" value="Back To Main" onclick="location.href='Content.html'"/>
    </p>
    </p>
    </div>
    </form>

    <?php


    PHP Code:
    $username trim($_POST['username']);
        
    $psassword trim($_POST['password']);
        
    $fullname trim($_POST['fullname']);
        
    $ic trim($_POST['ic']);
        
    $telephone trim($_POST['telephone']);
        
    $email trim($_POST['email']);
        
    $history trim($_POST['history']);

        
    $connection mysql_pconnect('localhost','root','fsktm') or die('Unable to connect!');

        
    mysql_select_db('cinema') or die('Unable to select database!');



    if (isset(
    $_POST['save']))
    {
        
    $insert "INSERT INTO user(username,password,full_name,ic_number,telephone,email,history) VALUES ($username, $password, $fullname, $ic, $telephone, $email, $history)" or die ("Could not insert new data :" mysql_error());

        
    mysql_query($insert) or die(mysql_error());
    }

    else 
    {
        echo 
    "All fields are required to be completed !! <br />";
    }

    mysql_close($connection); 
    ?>

    </body>
    </html>

  • #2
    bdl
    bdl is offline
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    PHP Code:
    $insert "INSERT INTO user(username,password,full_name,ic_number,telephone,email,history) VALUES ($username, $password, $fullname, $ic, $telephone, $email, $history)" or die ("Could not insert new data :" mysql_error()); 
    1) $insert = is a variable assignment; you're assigning the string contained in the "double quotes" on the right to the variable $insert on the left. It is not a function call, thus you cannot use or die() at the end of it. Make the assignment and end it.
    2) Your SQL statement isn't using any quotes to surround the data, e.g. '$username', '$password', etc. This is the cause of your syntax error.

    PHP Code:
    $psassword trim($_POST['password']); 
    3) You've misspelled 'password' in your variable assignment.
    4) Whatever you do, don't insert a plaintext password into the database. At least if this is any sort of application you want to keep secure for any length of time. At the very least use SHA1 or SHA256 to hash the password and store that value instead.

    5) Speaking of security, all you're doing is reassigning the incoming POST data to local variables for insertion into the database. Make sure you get into the habit of properly validating and escaping data that gets anywhere near your db.

  • Users who have thanked bdl for this post:

    pelehelp (03-28-2009)

  • #3
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Hi pelehelp, please don't post your entire code in bold, it gives a impression of shouting. You may use [CODE][/CODE] tags to wrap your client side code, just like the [PHP][/PHP] tags.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •