Member Avatar for ManishS

hi...
I am getting an error:"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.1989)' at line 1"
please help me removing the errror

<?php
    include "functions.php";
?>
<html>
    <head>
        <title>
            Register Form 
        </title>
    </head>
    <body>
        
        <center>
            <form method="POST" action="index.php">
            <table border="0" style="width:250;text-align:left;border: 1px solid black;padding:2px; font-family:Verdana; font-size:12px; ">
            <tr>
                <td>
                    Username:
                </td>
                <td>
                    <input type="text" name="username" >
                </td>
            </tr>
            <tr>
                <td>
                    Password:
                </td>
                <td>
                    <input type="password" name="password" >
                </td>
            </tr>
            <tr>
                <td>
                    Gender:
                </td>
                <td>
                    <select  name="gender">
                        <option value="Male">Male</option>
                        <option value="Female" >Female</option>
                    </select>
                </td>
            </tr>
            <tr>
                <td>
                    Birth Year:
                </td>
                <td>
                    <select  name="birth_year">
                        <?php
                            $num=1988;
                            while($num <= 2008)
                            {
                                $num++;
                                echo "<option value=$num>".$num."</option> ";
                            }
                        ?>
                    </select>
                </td>
            </tr>
            <tr>
                <td colspan="2" align="center">
                    <input type="submit" name="submit" value="submit">
            </tr>
            </table>
            </form>
            <?php if($_POST['submit']) { ?>
            <table border="0" style="color: red;width: 250; margin-top:5px;border: 1px solid black;padding:2px; font-family:Verdana; font-size:12px; ">
            <?php
                         $curnum= 0;
                         $username= $_POST['username'];
                         $password= $_POST['password'];
                         $gender= $_POST['gender'];
                         $byear= $_POST['birth_year'];
                         
                         if(!$username)
                         {
                            $curnum++;
                            echo "<tr><td>".$curnum.".Please enter a username</td></tr>";
                         }
                         if(!$password)
                         {
                            $curnum++;
                            echo "<tr><td>".$curnum.".Please enter a password</td></tr>";
                         }
                         if($username)
                         {
                            if(strlen($username) > 20){
                                $curnum++;
                                echo "<tr><td>".$curnum.".Your username is tooo long (3-20 characters)</td></tr>";
                            }
                            if(strlen($username)< 3){
                                $curnum++;
                                echo "<tr><td>".$curnum.".Your username is tooo short (3-20 characters)</td></tr>";
                            }
                         }
                         if($password)
                         {
                            if(strlen($password) > 25)
                            {
                                $curnum++;
                                echo "<tr><td>".$curnum.".Your password is tooo long (5-25 characters)</td></tr>";
                            }
                            if(strlen($password)< 5)
                            {
                                $curnum++;
                                echo "<tr><td>".$curnum.".Your password is tooo short (5-20 characters)</td></tr>";
                            }
                         }
                         
                         
                         if($curnum == 0)
                         {
                            mysql_query("INSERT INTO users VALUES(`id`,'".$username."','".$password."','".$gender."'.".$byear.")") or die(mysql_error());
                            
                        }
            ?>
                    
            </table>
            <?php } ?>
        </center>
    </body>
</html>
Edited by peter_budo because: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks)
  • 7 Contributors
  • 7 Replies
  • 107 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by metalix

Recommended Answers

All 7 Replies

Member Avatar for Schoorsteen

Please use the

tags.

Anyhow, you forgot to add in your query what fields should be occupied.

For example:

mysql_query("INSERT INTO users (id, username, password, gender, birthyear) VALUES(`id`,'".$username."','".$password."','".$gender."'.".$byear.")");

Please note, I am not sure if I used the right field-names, you have to check your database for that.

Member Avatar for hielo

mysql_query("INSERT INTO users VALUES(`id`,'".$username."','".$password."','".$gender."'.".$byear.")")

I am assuming the id you are trying to insert is an autonumber fiedld. If that is true, then instead of `id`, use NULL:

mysql_query("INSERT INTO users VALUES(NULL,'".$username."','".$password."','".$gender."'.".$byear.")")

(the database will autoincrement instead of actually inserting null).

Member Avatar for muralibobby2015 
if($curnum == 0)
{
mysql_query("INSERT INTO users VALUES(`id`,'".$username."','".$password."','".$gender."'.".$byear.")") or die(mysql_error());

}

put $id instead of id in query. but there is no need to put $id. it is not a manuall entry value. and next change ',' instead of '.'

'".$gender."'.".$byear."

here. just leave it use like this.

if($curnum == 0)
{
mysql_query("INSERT INTO users VALUES('".$username."','".$password."','".$gender."','".$byear."')") or die(mysql_error());

}
Edited by muralibobby2015 because: n/a
Member Avatar for manzarr

i think this code help you, here '' use for id which auto increments

$query = "insert into user values('','$username','$password','$gender','$byear')";
$result = mysql_query($query) or die('Error!');
if($result){
echo " NAME :- $username";
}

Member Avatar for hielo

Read comments in code:

<?php
include "functions.php";
?>
<html>
<head>
<title>
Register Form
</title>
</head>
<body>

<center>
<form method="POST" action="index.php">
<table border="0" style="width:250;text-align:left;border: 1px solid black;padding:2px; font-family:Verdana; font-size:12px; ">
<tr>
<td>
Username:
</td>
<td>
<input type="text" name="username" >
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" name="password" >
</td>
</tr>
<tr>
<td>
Gender:
</td>
<td>
<select name="gender">
<option value="Male">Male</option>
<option value="Female" >Female</option>
</select>
</td>
</tr>
<tr>
<td>
Birth Year:
</td>
<td>
<select name="birth_year">
<?php
$num=1988;
while($num <= 2008)
{
$num++;
echo "<option value=$num>".$num."</option> ";
}
?>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="submit">
</tr>
</table>
</form>
<?php if($_POST['submit']) { ?>
<table border="0" style="color: red;width: 250; margin-top:5px;border: 1px solid black;padding:2px; font-family:Verdana; font-size:12px; ">
<?php
	$curnum= 0;

/*
instead of these:

$username= $_POST['username'];
$password= $_POST['password'];
$gender= $_POST['gender'];
$byear= $_POST['birth_year'];

you can dynamically create those variables using a foreach. The name of the the variable would
match the relevant key in $_POST. Thus, since your $_POST has birth_year, then your variable will be $birth_year instead
of $byear.
*/
foreach($_POST as $k=>$v)
{
	${$k}=mysql_real_escape_string($v);
}

if(!$username)
{
	$curnum++;
	echo "<tr><td>".$curnum.".Please enter a username</td></tr>";
}
elseif(strlen($username) > 20)
{
	$curnum++;
	echo "<tr><td>".$curnum.".Your username is tooo long (3-20 characters)</td></tr>";
}
if(strlen($username)< 3)
{
	$curnum++;
	echo "<tr><td>".$curnum.".Your username is tooo short (3-20 characters)</td></tr>";
}


if(!$password)
{
	$curnum++;
	echo "<tr><td>".$curnum.".Please enter a password</td></tr>";
}
elseif(strlen($password) > 25)
{
	$curnum++;
	echo "<tr><td>".$curnum.".Your password is tooo long (5-25 characters)</td></tr>";
}
elseif(strlen($password)< 5)
{
	$curnum++;
	echo "<tr><td>".$curnum.".Your password is tooo short (5-20 characters)</td></tr>";
}


if($curnum == 0)
{
/*
IMPORTANT: You also missed a comma after the $gender value
NOTE: if birth_year is defined as a text field in your db, you may need apostrophes around the birth_year value:
mysql_query("INSERT INTO users VALUES(NULL,'{$username}','{$password}','{$gender}','{$birth_year}')") or die( mysql_error() );
*/
	mysql_query("INSERT INTO users VALUES(NULL,'{$username}','{$password}','{$gender}',{$birth_year})") or die(mysql_error());
}
?>

</table>
<?php } ?>
</center>
</body>
</html>
Member Avatar for metalix

WOW I think everyone is actually pretty onto it with this one.
As a hint use mysql_real_escape_string, don't let people hack your site.
also use sessions to make sure they are coming from your site etc...
read my tutorial on this on my page http://www.effectivewebdesign.co.nz/tutorial.php
save yourself a headache later on :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.