
PHP ERROR..Error: You have an error in your SQL syntax; check the manual that corresp

Hello experts, I'm in trouble. Can you please help me? I'm writing PHP code for a registration form for my website. After all that, I get this error (Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1). Please help me.

THIS IS MY CODING

<html>
<body>
<form action="insertdb.php" method="post"> <br />
First Name: <input type="text" name="firstname" /> <br />
Last Name: <input type="text" name="lastname" /> <br />
Age:<input type="text" name="age" /> <br />
Country: <input type="text" name="contury" /> <br />
City: <input type="text" name="city" /> <br />
Contact: <input type="text" name="contact" /> <br />
<input type="submit" />
</form>
</body>
</html>

<?php
$con = mysql_connect("localhost","665995","789512357u");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("665995", $con);

$sql=mysql_query("INSERT INTO Main(firstname,lastname,age,contury,city,contact)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]','$_POST[contury]','$_POST[city]','$_POST[contact]')");

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}

echo "1 record added";

mysql_close($con)

?>

Please, please help me.
I'm waiting for your reply.

PHP

3 Comments(s)

@ginerjm Oct 12.2013 — Horrible example of posting a database with unfiltered, unvalidated data from the user.

1 - you MUST check those POST vars before using them in your query. You are just asking for trouble.

2 - Associated arrays ($_POST) syntax is as follows: $_POST['name']. You should follow that.

3 - Assuming that the 'age' is a numeric entry, then you DON'T want to put quotes around that value entry.

And as a purely nit-picking pointer, the word is "country" not contury.
@priyankagound Oct 16.2013 — Try out the below points:

1. User-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data or use prepared statements.

2. Stop Using the MySQL Extension!

3. Try echoing out the SQL query string if the query fails so that you can visually examine it.

Hope this helps.
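
A prepared-statement version of insertdb.php that follows the advice in the comments above (validate the POST values, treat age as a number, stop using the mysql_* extension); this is an added example, not code from any poster in this thread. The `register()` helper, the sample input and the in-memory SQLite DSN are constructed so the script runs offline; against MySQL the DSN would be `mysql:host=localhost;dbname=...;charset=utf8mb4`.

```php
<?php
// Added example: validated, parameterized insert for the thread's Main table.
// register() and the sample input are hypothetical names/values for illustration.
function register(PDO $pdo, array $post): array
{
    $fields = ['firstname', 'lastname', 'age', 'contury', 'city', 'contact'];
    $row = [];
    $errors = [];
    foreach ($fields as $f) {
        // Reject missing, non-string (e.g. array) and empty or over-long values.
        $v = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
        if ($v === '' || strlen($v) > 100) {
            $errors[] = $f;
        }
        $row[$f] = $v;
    }
    // age must be a whole number in a plausible range; it is bound as an integer.
    $age = filter_var($row['age'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 130]]);
    if ($age === false && !in_array('age', $errors, true)) {
        $errors[] = 'age';
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors];
    }
    // The SQL text is fixed; user data travels only as bound parameters.
    // The statement is executed exactly once. The original script called
    // mysql_query() on the return value of mysql_query(), i.e. on the text "1".
    $stmt = $pdo->prepare(
        'INSERT INTO Main (firstname, lastname, age, contury, city, contact)
         VALUES (:firstname, :lastname, :age, :contury, :city, :contact)');
    foreach ($row as $f => $v) {
        $stmt->bindValue(":$f", $f === 'age' ? $age : $v,
            $f === 'age' ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return ['ok' => true, 'errors' => []];
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Main (firstname TEXT, lastname TEXT, age INTEGER,
            contury TEXT, city TEXT, contact TEXT)');
$input = ['firstname' => 'Sam', 'lastname' => "O'Brien", 'age' => '31',
          'contury' => 'PK', 'city' => 'Lahore', 'contact' => '555-0100'];
var_dump(register($pdo, $input)['ok']);
var_dump(register($pdo, ['age' => 'thirty'] + $input)['errors']);
echo $pdo->query('SELECT COUNT(*) FROM Main')->fetchColumn(), " row(s)\n";
```

The apostrophe in the constructed last name would end the quoted string in a concatenated query; as a bound parameter it is stored literally.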
@donie_lo Oct 17.2013 — Change (firstname,lastname,age,contury,city,contact)

with (firstname,lastname,age,contury,city,contact)

you will find error if you have field in php function like order,desc etc

php will read as function not field that should 'order' 'desc' etc

2 - Associated arrays ($_POST) syntax is as follows: $_POST['name']. You should follow that.

will error in php 5.4 or 5.5 usually I am using php 5.3 not shown error


here the other sample



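insert.php

<?php
// Helper functions (db_query, db_num_rows, db_fetch_array) live in data.php.
include 'data.php';

$con = mysql_connect("localhost","root","");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

$db = mysql_select_db("665995", $con)
    or die("Couldn't select database.");

// Escape every POST value before it is placed into a query string.
$f = array();
foreach (array('firstname','lastname','age','contury','city','contact') as $k) {
    $f[$k] = mysql_real_escape_string(isset($_POST[$k]) ? $_POST[$k] : '', $con);
}

// Insert only if this first name is not already in the table.
$qty=db_num_rows(db_query("select firstname from Main where firstname='".$f['firstname']."'"));
if ($qty==0){
    $s=db_query("insert into Main(firstname,lastname,age,contury,city,contact) values
    ('".$f['firstname']."','".$f['lastname']."','".$f['age']."','".$f['contury']."','".$f['city']."','".$f['contact']."')");
}

// List the stored names, HTML-escaping each value on output.
echo "<table border=1>";
echo "<tr>
<td>First Name</td><td>Last Name</td>
</tr>";

$q= db_query("select * from Main order by firstname");
while($r=db_fetch_array($q)){
    echo "<tr>
    <td>".htmlspecialchars($r['firstname'])."</td><td>".htmlspecialchars($r['lastname'])."</td>
    </tr>";
}

echo "</table>";
?>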


data.php

<?php
// Markup for the error box. The outer string is single-quoted so the
// double quotes around the style attribute do not end the PHP string.
$style='<center><div align=center style="background-color: #FF6600;
border-width:thin;color:white;border:1px dotted red; width:400px;text-align:center;
font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">';

if (!isset($DB_DIE_ON_FAIL)) { $DB_DIE_ON_FAIL = true; }
// When true, the MySQL error text and the failing query are shown to the visitor.
if (!isset($DB_DEBUG)) { $DB_DEBUG = true; }

// Connect to the server and select the database; returns the link.
function db_connect($dbhost, $dbname, $dbuser, $dbpass) {
    global $DB_DIE_ON_FAIL, $DB_DEBUG,$style;

    if (! $dbh = mysql_pconnect($dbhost, $dbuser, $dbpass)) {
        if ($DB_DEBUG) {
            echo "$style<h2>Failure trying to connect to $dbhost as $dbuser</h2>";
            echo "<p><b>MySQL Error</b>: ", mysql_error();
        } else {
            echo "$style<h2>Database error.</h2>";
        }

        if ($DB_DIE_ON_FAIL) {
            echo "$style The script is now halted.Please contact the webmaster";
            die();
        }
    }

    if (! mysql_select_db($dbname)) {
        if ($DB_DEBUG) {
            echo "$style<h2>Can't select database $dbname</h2>";
            echo "<p><b>MySQL Error</b>: ", mysql_error();
        } else {
            echo "$style<h2>Database error.</h2>";
        }

        if ($DB_DIE_ON_FAIL) {
            echo "$style The script is now halted.Please contact the webmaster</p>";
            die();
        }
    }

    return $dbh;
}

// Run a query. With $test set, print the query text instead (and stop if $terminate).
function db_query($query, $test=false, $terminate=true, $silent=false) {
    global $DB_DIE_ON_FAIL, $DB_DEBUG,$style;

    if ($test) {
        echo "<pre>" . htmlspecialchars($query) . "</pre>";

        if ($terminate) die;
    }

    // Keep the result separate from $query so the error output below
    // can still show the query text that failed.
    $result = mysql_query($query);

    if (! $result && ! $silent) {
        if ($DB_DEBUG) {
            echo "$style<h2>Warning!</h2>The following error occurred:";
            echo "<pre>" . htmlspecialchars($query) . "</pre>";
            echo "<p><b>MySQL Error</b>: ", mysql_error();
        } else {
            echo "$style<h2>Database Error occurred!</h2>";
        }

        if ($DB_DIE_ON_FAIL) {
            echo "$style<br>The script is now halted.Please contact the webmaster<br>";
            die();
        }
    }

    return $result;
}

// Thin wrappers around the mysql_* result functions.
function db_fetch_array($query) {
    return mysql_fetch_array($query);
}

function db_fetch_row($query) {
    return mysql_fetch_row($query);
}

function db_num_rows($query) {
    return mysql_num_rows($query);
}

?>

Help @Mohammad_uzair spread the word by sharing this article on Twitter...
