1

I am tying to make a user system with a mysql database. I have tried to insert a row into a table with the following php code:

$UserCreateQueryText = "INSERT INTO  users (
Username, Password, FirstName, LastName, eMail, ID, ClearanceLevel)
VALUES (
" . $User . ", " . $Password . ", " . $FirstName . ", " . $LastName . ", " . $eMailToUse . ", NULL, 1)";

$UserCreateQuery = mysql_query($UserCreateQueryText) or die(" User creation query error: " . mysql_error());

The Variables I used are defined as follows:

$User = mysql_real_escape_string($_GET["Username"]);
$Password = mysql_real_escape_string($_GET["Password"]);
$FirstName = mysql_real_escape_string($_GET["FirstName"]);
$LastName = mysql_real_escape_string($_GET["LastName"]);
$eMail = mysql_real_escape_string($_GET["eMail"]);

I used $_GET so I could see the variables were actually being passed correctly.

So, if I inserted a eMail (example@domain.com) the result of $UserCreateQueryText would be:

INSERT INTO  users (
Username, Password, FirstName, LastName, eMail, ID, ClearanceLevel)
VALUES (
username, password, Name, LastName, , NULL, 1)

so getting the eMail field clear and an error is thrown back:

User creation query error: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near
' NULL, 1)' at line 4

-Ric Del (foxtailgames.com.mx)

rdelfin
  • 819
  • 2
  • 13
  • 31
  • That's a problem with your query. Try echoing it instead, and run it in phpmyadmin and see what comes up to try to figure it out. The query isn't properly formed. – Cyclone Aug 30 '11 at 23:01

1 Answers1

2

You need to quote string values:

INSERT INTO ... VALUES ('String', 'string', ...)

Currently you're not:

INSERT INTO ... VALUES(Foo, Bar@baz.com, ...)

That gives the syntax error.

deceze
  • 510,633
  • 85
  • 743
  • 889
  • `echo` your final query with the inserted values and post it here. – deceze Aug 30 '11 at 23:05
  • I did: INSERT INTO users ( Username, Password, FirstName, LastName, eMail, ID, ClearanceLevel) VALUES ( username, password, Name, LastName, , NULL, 1) (Email stays empty) – rdelfin Aug 30 '11 at 23:06
  • Well there's your problem, you have that empty comma. – Cyclone Aug 30 '11 at 23:07
  • @ricky Yup, and the `, ,` is causing a syntax error, **because you did not put quotes around your values**. Even if the syntax would be correct, you'd get another error because the values aren't in quotes. Also, you're calling your email variable `$eMailToUse` here and `$eMail` there, which is why it stays empty. Activate error reporting to catch such typos! – deceze Aug 30 '11 at 23:09