www.webdeveloper.com

Thread: MySQL won't complete registration

  1. #1
    Join Date
    Mar 2013
    Posts
    1

    MySQL won't complete registration

    Hello, I am making a registration form and I get an error:
    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near" at line 1"
    This is the create.php

    PHP Code:
    <?php include("inc/incfiles/header.inc.php"); ?>

    <?php

    $reg = @$_POST['reg'];
    $fname = @$_POST['firstname'];
    $lname = @$_POST['lastname'];
    $username = @$_POST['username'];
    $email = @$_POST['email'];
    $password = @$_POST['password'];
    $password2 = @$_POST['password2'];
    $u_check = @$_POST[''];

    // reg form
    $firstname = strip_tags(@$_POST['firstname']);
    $lastname = strip_tags(@$_POST['lastname']);
    $username = strip_tags(@$_POST['username']);
    $email = strip_tags(@$_POST['email']);
    $password = strip_tags(@$_POST['password']);
    $password2 = strip_tags(@$_POST['password2']);

    if ($reg) {
        // Check if user already exists
        $u_check = mysql_query("SELECT username FROM users WHERE username='$username'");
        // Count the amount of rows where username = $un
        $check = mysql_num_rows($u_check);
        if ($check == 0) {
            // check all of the fields have been filled in
            if ($firstname&&$lastname&&$username&&$email&&$password&&$password2) {
                // check that passwords match
                if ($password==$password2) {
                    // check the maximum length of username/first name/last name does not exceed 25 characters
                    if (strlen($username)>25||strlen($firstname)>25||strlen($lastname)>25) {
                        echo "The maximum limit for username/first name/last name is 25 characters!";
                    }
                    else
                    {
                        // check the maximum length of password does not exceed 30 characters and is not less than 5 characters
                        if (strlen($password)>30||strlen($password)<5) {
                            echo "Your password must be between 5 and 30 characters long!";
                        }
                        else
                        {
                            $query = mysql_query("INSERT INTO users VALUES ($firstname,'$lastname','$username','$email','$password'"); die(mysql_error());
                            die("Well done, you've made your account. <a href=\"logout.php\">Logout?</a>");
                        }
                    }
                }
                else {
                    echo "<img src='img/x.png'>Your passwords don't match!";
                }
            }
            else
            {
                echo "Please fill in all of the fields";
            }
        }
        else
        {
            echo "Username already taken ...";
        }
    }
    ?>
    <br /><br /><br /><br />
    <form action='create.php' method='POST'>
    <div id="create">
        <table>
            <tr>
                <td> First Name: </td>
                <td><input type="text" name="firstname" /></td>
            </tr>
            <tr>
                <td> Last Name: </td>
                <td><input type="text" name="lastname" /></td>
            </tr>
            <tr>
                <td> Username: </td>
                <td><input type="text" name="username" /><br /></td>
            </tr>
            <tr>
                <td> Email: </td>
                <td><input type="text" name="email" /><br /></td>
            </tr>
            <tr>
                <td> Password: </td>
                <td><input type="password" name="password" /><br /></td>
            </tr>
            <tr>
                <td> Repeat Password: </td>
                <td><input type="password" name="password2" /><br /></td>
            </tr>
            <tr>
                <td><input type="submit" name="reg" value="Sign Up!"></td>
            </tr>
        </table>
    </div>
    </form>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,637
    I'm guessing you want quotes around $firstname in the insert query.

    Also, you need to add some escaping (see the mysql_real_escape_string() function) to protect against SQL injection errors/attacks.

    Better yet, you could upgrade to the MySQLi or PDO extensions and make use of prepared statements and bound parameters so that you don't have to do the escaping yourself (with the added bonus that you don't have to worry about the fact that the old MySQL extension is now officially deprecated in PHP).
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
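
The prepared-statement approach recommended in reply #2, as an added example that is not code from either poster. The `register_user()` function, the table layout and the column names are assumptions, an in-memory SQLite database stands in for MySQL so the script runs offline, and the `password_hash()` call goes beyond what the thread discusses. The original length checks are omitted for brevity.

```php
<?php
// Added example, not the poster's code. Table layout and column names are
// assumptions; SQLite in memory stands in for MySQL so the script runs offline.
// For MySQL: new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    first_name TEXT, last_name TEXT, username TEXT UNIQUE,
    email TEXT, password_hash TEXT)');

// Hypothetical helper: validates the form fields and inserts one user.
function register_user(PDO $pdo, array $in): string
{
    $fields = ['firstname', 'lastname', 'username', 'email', 'password', 'password2'];
    foreach ($fields as $f) {
        if (!isset($in[$f]) || !is_string($in[$f]) || $in[$f] === '') {
            return 'Please fill in all of the fields';
        }
    }
    if ($in['password'] !== $in['password2']) {
        return "Your passwords don't match!";
    }
    // Bound values travel separately from the SQL text, so a quote in a
    // name is plain data and cannot change the statement.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE username = ?');
    $check->execute([$in['username']]);
    if ($check->fetchColumn() !== false) {
        return 'Username already taken ...';
    }
    // Naming the columns keeps the INSERT valid if the table gains a column.
    $insert = $pdo->prepare(
        'INSERT INTO users (first_name, last_name, username, email, password_hash)
         VALUES (?, ?, ?, ?, ?)'
    );
    $insert->execute([
        $in['firstname'], $in['lastname'], $in['username'], $in['email'],
        password_hash($in['password'], PASSWORD_DEFAULT), // store a hash, not the password
    ]);
    return 'Account created';
}

// Constructed sample input: the apostrophe would end the quoted string in a
// query built by concatenation.
$form = ['firstname' => 'Sinead', 'lastname' => "O'Brien", 'username' => 'sob',
         'email' => 'sob@example.com', 'password' => 'correct horse',
         'password2' => 'correct horse'];
echo register_user($pdo, $form), "\n";   // first submission
echo register_user($pdo, $form), "\n";   // same username again
echo $pdo->query('SELECT last_name FROM users')->fetchColumn(), "\n";
```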
