<?php
$con = mysql_connect('localhost', 'leto_hostes', 'password_hidden');
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("letohost_player", $con);

$sql="INSERT INTO `letohost_user`.`player` (`USER_ID` ,`USERNAME` ,`PASSWORD` ,`EMAIL` ,`POSITION` ,`ACTIVE` ,`MEMBER` )
VALUES (NULL , '$_POST[register_username]', 'md5($_POST[register_password])', '$_POST[register_email]', '0', '0', '0');)";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

My error with this code when somebody tries to register is:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 2

You need to encase your array variables with curly brackets like this:

'{$_POST[register_username]}'
Member Avatar

Yes EE.

$sql="INSERT INTO `letohost_user`.`player` (`USER_ID` ,`USERNAME` ,`PASSWORD` ,`EMAIL` ,`POSITION` ,`ACTIVE` ,`MEMBER` )
VALUES (NULL , '$_POST[register_username]', 'md5($_POST[register_password])', '$_POST[register_email]', '0', '0', '0');)";

But LH, please use the correct syntax. Even with encased array vars, the array member should be quoted - either with single or double quotes:

"...{$_POST['register_password']}..."
OR
"...{$_POST[\"register_password\"]}..."
AND
"...{$_POST['register_email']}..."
OR
"...{$_POST[\"register_email\"]}..."

Is it the same with the md5 variable? And thank you for the help on this script. I'm not that good when it comes to PHP and SQL.. How did i not use the right syntax? :S

Okay, After editting the script, i now recieve the error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/letohost/public_html/register.php  on line 11

line 11 new syntax:

$sql="INSERT INTO `letohost_user`.`player` (`USER_ID` ,`USERNAME` ,`PASSWORD` ,`EMAIL` ,`POSITION` ,`ACTIVE` ,`MEMBER` )
VALUES (NULL , {$_POST['register_username']}, {md5($_POST['register_password']}), {$_POST['register_email']}, '0', '0', '0');)";

no quotes on table names column names

mysql_query("INSERT INTO Persons (FirstName, LastName, Age) VALUES ('Peter', 'Griffin', '35')");
// so
$sql="INSERT INTO letohost_user.player (USER_ID, USERNAME, PASSWORD, EMAIL, POSITION, ACTIVE, MEMBER) VALUES (NULL, {$_POST['register_username']}, {md5($_POST['register_password']}), {$_POST['register_email']}, '0', '0', '0');)";

http://www.w3schools.com/php/php_mysql_insert.asp

@almostbob

I've added the script you wrote there and i'm still recieving the same error..

not added, example code only

read the link provided to find the correct format and edit your code

not added, example code only

read the link provided to find the correct format and edit your code

I've done that too and it still isn't working..

Member Avatar

Notice you use VALUES syntax. I prefer the SET syntax so that I know everything (fields + values) match up. THis obviously has its limitations, but has saved hours in trying to disentangle my statements.

$sql="INSERT INTO letohost_user.player (USER_ID, USERNAME, PASSWORD, EMAIL, POSITION, ACTIVE, MEMBER) VALUES (NULL, {$_POST['register_username']}, {md5($_POST['register_password']}), {$_POST['register_email']}, '0', '0', '0');)";

BECOMES

$md5p = md5($_POST['register_password']); 

$sql="INSERT INTO letohost_user.player SET `USERNAME` = '{$_POST['register_username']}', `PASSWORD` = '$md5p', `EMAIL` = '{$_POST['register_email']}', `POSITION` = 0, `ACTIVE` = 0, `MEMBER` = 0";

I'm not saying that this is better, just an option. I usually echo out the statement to find any obvious errors:

echo $sql;

In addition, if I get an error, but can't see the issue, I'll paste the echoed statement into my DB GUI (sqlYOG or phpmyadmin) SQL box and run it there. I tweak the SQL manually until I get it to work before returning to the php for adjustments. Just my two-penneth worth.