www.webdeveloper.com

Thread: PHP ERROR..Error: You have an error in your SQL syntax; check the manual that corresp

  1. #1
    Join Date
    Oct 2013
    Posts
    1


    Hello experts, I'm in trouble. Can you please help me? I'm writing PHP code for a registration form for my website. After all that, I get this error (Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1). Please help me.

    This is my code:

    <html>
    <body>
    <form action="insertdb.php" method="post"> <br />
    First Name: <input type="text" name="firstname" /> <br />
    Last Name: <input type="text" name="lastname" /> <br />
    Age:<input type="text" name="age" /> <br />
    Country: <input type="text" name="contury" /> <br />
    City: <input type="text" name="city" /> <br />
    Contact: <input type="text" name="contact" /> <br />
    <input type="submit" />
    </form>
    </body>
    </html>





    <?php
    $con = mysql_connect("localhost","665995","789512357u");
    if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("665995", $con);

    $sql=mysql_query("INSERT INTO Main(firstname,lastname,age,contury,city,contact)
    VALUES
    ('$_POST[firstname]','$_POST[lastname]','$_POST[age]','$_POST[contury]','$_POST[city]','$_POST[contact]')");

    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }

    echo "1 record added";

    mysql_close($con)

    ?>

    Please, please help me.
    I'm waiting for your reply.

  2. #2
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    517
    Horrible example of posting a database with unfiltered, unvalidated data from the user.

    1 - you MUST check those POST vars before using them in your query. You are just asking for trouble.

    2 - Associated arrays ($_POST) syntax is as follows: $_POST['name']. You should follow that.

    3 - Assuming that the 'age' is a numeric entry, then you DON'T want to put quotes around that value entry.

    And as a purely nit-picking pointer, the word is "country" not contury.

  3. #3
    Join Date
    Sep 2013
    Posts
    221
    Try out the points below:
    1. User-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data or use prepared statements.
    2. Stop using the MySQL extension!
    3. Try echoing out the SQL query string if the query fails so that you can visually examine it.

    Hope this helps.
    strad solutions www.stradsolutions.com
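
The advice in replies #2 and #3 (validate the POST values, use prepared statements, move off the mysql extension), as an added example that is not part of the thread. It uses PDO with an in-memory SQLite database so it runs without a server; the length limit, the age range and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Column names (including the
// "contury" spelling) follow the thread's Main table.
function validate_registration(array $in): array
{
    $clean = [];
    foreach (['firstname', 'lastname', 'contury', 'city', 'contact'] as $f) {
        $v = trim((string)($in[$f] ?? ''));
        if ($v === '' || strlen($v) > 100) {   // 100 is an assumed limit
            throw new InvalidArgumentException("Invalid value for $f");
        }
        $clean[$f] = $v;
    }
    // age is numeric: validate it as an integer and bind it as one.
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('Invalid value for age');
    }
    $clean['age'] = $age;
    return $clean;
}

function insert_registration(PDO $pdo, array $in): void
{
    $row = validate_registration($in);
    // Prepare once, execute once. The script in post #1 passed the return
    // value of mysql_query() (true, i.e. "1") to a second mysql_query() call,
    // which is the statement MySQL rejected with "near '1'".
    $stmt = $pdo->prepare(
        'INSERT INTO Main (firstname, lastname, age, contury, city, contact)
         VALUES (:firstname, :lastname, :age, :contury, :city, :contact)');
    foreach ($row as $name => $value) {
        $stmt->bindValue(":$name", $value,
            $name === 'age' ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
}

// Demo on in-memory SQLite; for MySQL use a DSN such as
// "mysql:host=localhost;dbname=...;charset=utf8mb4" with a user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Main (firstname TEXT, lastname TEXT, age INTEGER,
            contury TEXT, city TEXT, contact TEXT)');
// Constructed input; the quote in the last name is stored as data, not parsed as SQL.
insert_registration($pdo, ['firstname' => 'Ann', 'lastname' => "O'Neil", 'age' => '34',
    'contury' => 'Ireland', 'city' => 'Cork', 'contact' => '555-0100']);
echo $pdo->query('SELECT COUNT(*) FROM Main')->fetchColumn(), " record added\n";
```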

  4. #4
    Join Date
    Jul 2009
    Posts
    1
    Change (firstname,lastname,age,contury,city,contact)
    to (`firstname`,`lastname`,`age`,`contury`,`city`,`contact`)
    You will find errors if you have a field named like a PHP function, such as order, desc etc.
    PHP will read it as a function, not a field; it should be 'order', 'desc' etc.

    "2 - Associated arrays ($_POST) syntax is as follows: $_POST['name']. You should follow that."
    That will error in PHP 5.4 or 5.5. I usually use PHP 5.3, where no error is shown.


    Here is the other sample:



    insert.php
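    <?php
    include 'data.php'; // db_query(), db_num_rows() and db_fetch_array() helpers
    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    $db = mysql_select_db("665995", $con)
        or die("Couldn't select database.");

    // Escape every POST value before it is placed inside a quoted SQL string.
    $f = array();
    foreach (array('firstname','lastname','age','contury','city','contact') as $k) {
        $f[$k] = mysql_real_escape_string(isset($_POST[$k]) ? $_POST[$k] : '', $con);
    }

    // Insert only if no row with this first name exists yet.
    $qty=db_num_rows(db_query("select firstname from Main where firstname='".$f['firstname']."'"));
    if ($qty==0){
        $s=db_query("insert into Main(`firstname`,`lastname`,`age`,`contury`,`city`,`contact`) values
        ('".$f['firstname']."','".$f['lastname']."','".$f['age']."','".$f['contury']."','".$f['city']."','".$f['contact']."')");
    }
    echo "<table border=1>";
    echo "<tr>
    <td>First Name</td><td>Last Name</td>
    </tr>";
    $q= db_query("select * from `Main` order by firstname");
    while($r=db_fetch_array($q)){
        // HTML-escape stored values before printing them into the page.
        echo "<tr>
        <td>".htmlspecialchars($r['firstname'])."</td><td>".htmlspecialchars($r['lastname'])."</td>
        </tr>";
    }
    echo "</table>";
    ?>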


    data.php
    <?php
    $style="<center><div align=center style=\"background-color: #FF6600;
    border-width:thin;color:white;border:1px dotted red; width:400px;text-align:center;
    font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;\">";
    if (!isset($DB_DIE_ON_FAIL)) { $DB_DIE_ON_FAIL = true; }
    if (!isset($DB_DEBUG)) { $DB_DEBUG = true; }

    function db_connect($dbhost, $dbname, $dbuser, $dbpass) {
    global $DB_DIE_ON_FAIL, $DB_DEBUG,$style;

    if (! $dbh = mysql_pconnect($dbhost, $dbuser, $dbpass)) {
    if ($DB_DEBUG) {
    echo "$style<h2>Failure trying to connect to $dbhost as $dbuser</h2>";
    echo "<p><b>MySQL Error</b>: ", mysql_error();
    } else {
    echo "$style<h2>Database error.</h2>";
    }

    if ($DB_DIE_ON_FAIL) {
    echo "$style The script is now halted.Please contact the webmaster";
    die();
    }
    }

    if (! mysql_select_db($dbname)) {
    if ($DB_DEBUG) {
    echo "$style<h2>Can't select database $dbname</h2>";
    echo "<p><b>MySQL Error</b>: ", mysql_error();
    } else {
    echo "$style<h2>Database error.</h2>";
    }

    if ($DB_DIE_ON_FAIL) {
    echo "$style The script is now halted.Please contact the webmaster</p>";
    die();
    }
    }

    return $dbh;
    }

    function db_query($query, $test=false, $terminate=true, $silent=false) {

        global $DB_DIE_ON_FAIL, $DB_DEBUG,$style;

        // Test mode: print the SQL, and stop here unless $terminate is false.
        if ($test) {
            echo "<pre>" . htmlspecialchars($query) . "</pre>";

            if ($terminate) die;
        }

        // Keep the result in its own variable so the SQL text is still
        // available for the error report below.
        $result = mysql_query($query);

        if (! $result && ! $silent) {
            if ($DB_DEBUG) {
                echo "$style<h2>Warning!</h2>The following error occurred:";
                echo "<pre>" . htmlspecialchars($query) . "</pre>";
                echo "<p><b>MySQL Error</b>: ", mysql_error();
            } else {
                echo "$style<h2>Database Error occurred!</h2>";
            }

            if ($DB_DIE_ON_FAIL) {
                echo "$style<br>The script is now halted.Please contact the webmaster<br>";
                die();
            }
        }

        return $result;
    }

    function db_fetch_array($query) {
    return mysql_fetch_array($query);
    }

    function db_fetch_row($query) {
    return mysql_fetch_row($query);
    }

    function db_num_rows($query) {
    return mysql_num_rows($query);
    }
    ?>
