Member Avatar for onofej

Please could someone check this code for me as it is giving me You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near line .
Although this type of question has been ask by someone else before, but every ones code is different. thanks in advance.

        $username="***********";
        $password="******";
        $database="member";
        $conn=  mysql_connect($servername,$username,$password,$database)or die(mysql_error());
        mysql_select_db("datas",$conn);

        if (!$conn) { 
            die('Could not connect: ' . mysql_error()); 
        } 
            echo 'Connected successfully'; 
            mysql_select_db($database); 

        $sql="insert into datas(firstname,lastname,email,password,repassword,address)
                  values('$_GET[firstname]','$_GET[lastname]','$_GET[email]','$_GET[password],'$_GET[repassword],'$_GET[address])";
        $result=mysql_query($sql,$conn) or die(mysql_error());          
        print "<h1>you have registered sucessfully</h1>";

        print "<a href='index.php'>go to login page</a>";
        }
        else print "passwords doesnt match";
}
else print"invaild data";
?>
  • 4 Contributors
  • 6 Replies
  • 226 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by onofej
Member Avatar for Zagga

It looks like line 13 is your problem.
You are missing a few single quotes after the last couple of values.

Please, PLEASE do not use this code as it is. You are exposing yourself to some nasty SQL injection attacks by using unchecked GET variables.

At the very least, use mysql_real_escape_string

Member Avatar for onofej

Thanks for all your reply, it is really scary reading through all your post/advice/caution
Please if anyone have any idea where i can purchase already written good code for member registration? i think buying it to complete my company site seems the way out for me now
thanks to you all

Member Avatar for pritaeas

Have a look at PhpClasses.org. They may have something.

Member Avatar for Zagga

Hi onofej,

Sorry! It wasn't my intention to worry you so you didn't try and secure your code yourself.
SQL injection isn't something to be scared of, but it is something you need to be aware of and take precautions against.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.