sql query problem
cashton2k
02-05-2006, 01:00 PM
I have inherited the following code:
<?php
} else {
$query = "INSERT INTO user_info (username, password, email, " .
"first_name, last_name, city, state, hobbies) " .
"VALUES ('" . $_POST['username'] . "', " .
"(PASSWORD('" . $_POST['password'] . "')), '" .
$_POST['email'] . "', '" . $_POST['first_name'] .
"', '" . $_POST['last_name'] . "', '" . $_POST['city'] .
"', '" . $_POST['state'] . "', '" .
implode(", ", $_POST['hobbies']) . "');";
$result = mysql_query($query)
or die(mysql_error());
$_SESSION['user_logged'] = $_POST['username'];
$_SESSION['user_password'] = $_POST['password'];
?>
I need to stop it inserting hobbies, state and city, but every time I remove code I get it wrong and I have errors. Anyone got any ideas?
Cheers for any help.
NogDog
02-05-2006, 02:28 PM
I think this is what you want (re-written using the "heredoc" string format and "complex" variable format to make it easier for me to figure out what was what):
$query = <<<EOD
INSERT INTO user_info (username, `password`, email, first_name, last_name)
VALUES ('{$_POST['username']}', PASSWORD('{$_POST['password']}'),
'{$_POST['email']}', '{$_POST['first_name']}', '{$_POST['last_name']}')
EOD;
Also, as above, you need to `back-quote` the password column name since "password" is a reserved word in MySQL.
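The same five-column insert written with a PDO prepared statement and password_hash(), as an added example that is not part of the post above or of the inherited code. The in-memory SQLite DSN, the $post array and the register_user() helper are assumptions made so the script runs offline; the table and column names are the thread's.

```php
<?php
// Added example, not code from the thread. Swap the DSN for your MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_info (
    username TEXT PRIMARY KEY, `password` TEXT NOT NULL, email TEXT NOT NULL,
    first_name TEXT NOT NULL, last_name TEXT NOT NULL)');

// Constructed sample input standing in for $_POST. The apostrophe in the
// last name would end the string literal early in a concatenated query.
$post = [
    'username' => 'pobrien', 'password' => 'correct horse battery staple',
    'email' => 'pat@example.com', 'first_name' => 'Pat', 'last_name' => "O'Brien",
    'city' => 'ignored', 'state' => 'ignored', 'hobbies' => ['ignored'],
];

function register_user(PDO $pdo, array $post): bool
{
    // Allow-list of columns: city, state and hobbies are never read.
    $fields = ['username', 'password', 'email', 'first_name', 'last_name'];
    $row = [];
    foreach ($fields as $f) {
        // Reject missing, empty or non-string values (e.g. password[]=x).
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            return false;
        }
        $row[$f] = $post[$f];
    }
    // Store a salted hash instead of the output of MySQL's PASSWORD().
    $row['password'] = password_hash($row['password'], PASSWORD_DEFAULT);

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO user_info (username, `password`, email, first_name, last_name)
         VALUES (:username, :password, :email, :first_name, :last_name)');
    try {
        return $stmt->execute($row);
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint, here a duplicate username.
        if ($e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

var_dump(register_user($pdo, $post));   // first registration
var_dump(register_user($pdo, $post));   // same username submitted again
$saved = $pdo->query('SELECT last_name, `password` FROM user_info')->fetch(PDO::FETCH_ASSOC);
var_dump($saved['last_name'], password_verify($post['password'], $saved['password']));
```

Relying on the primary-key constraint to reject a duplicate username also removes the gap between a separate SELECT check and the INSERT.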
cashton2k
02-05-2006, 02:36 PM
I get
Parse error: syntax error, unexpected T_SL in C:\Program Files\Apache Group\Apache2\htdocs\admin\newuser.php on line 47
line 47 = $query = <<<EOD
<?php
$query = <<<EOD
INSERT INTO user_info (username, 'password', email, first_name, last_name)
VALUES ('{$_POST['username']}, PASSWORD('{$_POST['password']}),
'{$_POST['email']}', '{$_POST['first_name']}', '{$_POST['last_name']}')
EOD;
$result = mysql_query($query)
or die(mysql_error());
$_SESSION['user_logged'] = $_POST['username'];
$_SESSION['user_password'] = $_POST['password'];
?>
NogDog
02-05-2006, 03:00 PM
Parses OK on my 'puter; there's probably something wrong in a line preceding line 47. (The line number in any parse error message is the line the parser got to when it "gave up"; it's not necessarily the line where the problem is.)
cashton2k
02-05-2006, 03:24 PM
Lines before it:
<?php
include "conn.inc.php";
include "auth_admin.inc.php";
?>
<html>
<head>
<title>I.P Tutor >> Admin >> Add User</title>
<link rel="stylesheet" href="../stylesheets/iptutorstyle.css" type="text/css">
</head>
<body>
<?php
if (isset($_POST['submit']) && $_POST['submit'] == "Register") {
if ($_POST['username'] != "" &&
$_POST['password'] != "" &&
$_POST['first_name'] != "" &&
$_POST['last_name'] != "" &&
$_POST['email'] != "") {
$query = "SELECT username FROM user_info " .
"WHERE username = '" . $_POST['username'] . "';";
$result = mysql_query($query)
or die(mysql_error());
if (mysql_num_rows($result) != 0) {
?>
<p>
<h5>The Username,
<?php echo $_POST['username']; ?>, is already in use, please choose
another!</h5>
<form action="newuser.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"
value="<?php echo $_POST['password']; ?>"><br>
Email: <input type="text" name="email"
value="<?php echo $_POST['email']; ?>"><br>
First Name: <input type="text" name="first_name"
value="<?php echo $_POST['first_name']; ?>"><br>
Last Name: <input type="text" name="last_name"
value="<?php echo $_POST['last_name']; ?>"><br>
</select><br><br>
<input type="submit" name="submit" value="Register">
<input type="reset" value="Clear">
</form>
</p>