0

I keep getting this error from a working script since using Mysql 5.1 This data from the formshould go to the database with table called users and also sendconfirmation email with the details on using regmail. This works on other site but have to use 5.1 for this site and error is doing my head in
THE ERROR MESSAGE

Error: 1064:- You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('', '', '', '', '', '8am-10am ', '', '', '', '', '', ''

THE SIDE SCRIPT

<?php
	ob_start();
	session_start();
// 	include section	
	define('DIR', '.');
	include(DIR."/includes/phpclass.inc.php");		
	include(DIR."/includes/functions.php");	
	$db = new PHP_fun();	// object for php class

	extract($_REQUEST);
	$s_chk = "select * from users where username = '".$username."' ";
	$r_chk = $db->select_row($s_chk);
	if (count($r_chk) == 0)
	{
		$s_ins = "INSERT INTO `users` (`firstname` ,  `familyname` ,  `email` ,  `address` ,  `phone` ,  `besttime` ,  `resortname` ,  `joindate` ,  `whatyouown` ,  `timeofuse` , `price` , `tradein` , `deposit` , `balance` , `method` , `cancel` , `whathappened` , `creditcard` , `whattheysaid` , `username` ,  `passwd` ,  `passwdhint` , `answer`) VALUES ('".$name."', '".$email."', '".$address."', '".$telephone."', '".$bestcontacttime."', '".$wherejoin."', '".$joindate."', '".$membershiplength."', '".$iac_number."', '".$username."', '".$passwd."', '".$passwdhint."', '".$answer."', NOW())";
		$r_ins = $db->insert_row($s_ins);
		if ($r_ins > 0)
		{
			ob_start();
				include("regmail.php");
			$message = 	ob_get_contents();
			ob_end_clean();
			$to = "register@mysite.com";
			$headers  = 'MIME-Version: 1.0' . "\r\n";
			$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
			$headers .= 'From: '.$name.' <'.trim($_REQUEST['email']).'>' . "\r\n";
			$subject = "New TRP Registration" ;
			$sent = mail($to, $subject, $message, $headers);
			if ($sent)
			{ print ""; }
		}
		?>
		<script language="javascript">
			alert("TRP web user Registration Successfully please wait for member services to confirm and activate your account.");
			window.location = 'thankyou.htm';
		</script>
	<?
	}
	else
	{ ?>
		<script language="javascript">
			alert("A member with TRP already has that username");
			window.location = 'register.htm';
		</script>
	<?
	}
?>

Edited by deceptikon: added code tags

3
Contributors
5
Replies
6
Views
5 Years
Discussion Span
Last Post by diafol
1

Hi scottymex,

You are trying to insert data into 23 fields but you are only supplying 14 values.

0

Hi scottymex,

You are trying to insert data into 23 fields but you are only supplying 14 values.

here is the correct code with the correct values however I get the same error message.

<?php
    ob_start();
    session_start();
//  include section 
    define('DIR', '.');
    include(DIR."/includes/phpclass.inc.php");      
    include(DIR."/includes/functions.php"); 
    $db = new PHP_fun();    // object for php class

    extract($_REQUEST);
    $s_chk = "select * from users where username = '".$username."' ";
    $r_chk = $db->select_row($s_chk);
    if (count($r_chk) == 0)
    {
        $s_ins = "INSERT INTO `users` (`firstname` ,  `familyname` ,  `email` ,  `address` ,  `phone` ,  `besttime` ,  `resortname` ,  `joindate` ,  `whatyouown` ,  `timeofuse` ,  `price` ,  `tradein` ,  `deposit` ,  `balance` ,  `method` ,  `cancel` ,  `whathappened` ,  `creditcard` ,  `whattheysaid` ,  `username` ,  `passwd` ,  `cpasswd` ,  `passwdhint` ,  `answer` VALUES ('$_POST[firstname]','$_POST[familyname]','$_POST[email]','$_POST[address]','$_POST[phone]','$_POST[besttime]','$_POST[resortname]','$_POST[joindate]','$_POST[whatyouown]','$_POST[timeofuse]','$_POST[price]','$_POST[deposit]','$_POST[tradein]','$_POST[balance]','$_POST[method]','$_POST[cancel]','$_POST[whathappened]','$_POST[creditcard]','$_POST[whattheysaid]','$_POST[username]','$_POST[passwd]','$_POST[cpasswd]','$_POST[passwdhint]','$_POST[answer]')";
        $r_ins = $db->insert_row($s_ins);                
        $r_ins = $db->insert_row($s_ins);

        if ($r_ins > 0)
        {
            ob_start();
                include("regmail.php");
            $message =  ob_get_contents();
            ob_end_clean();
            $to = "register@djscottyis@yahoo.com";
            $headers  = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            $headers .= 'From: '.$name.' <'.trim($_REQUEST['email']).'>' . "\r\n";
            $subject = "New TRP Registration" ;
            $sent = mail($to, $subject, $message, $headers);
            if ($sent)
            { print ""; }
        }
        ?>
        <script language="javascript">
            alert("TRP web user Registration Successfully please wait for member services to confirm and activate your account.");
            window.location = 'thankyou.htm';
        </script>
    <?
    }
    else
    { ?>
        <script language="javascript">
            alert("A registered client with TRP already has that username");
            window.location = 'register.htm';
        </script>
    <?
    }
?>

Edited by pyTony: fixed formating

0

1) use code tags
2) don't use extract on request - bad things can happen - existing variables can be overwritten - malicious code can be inserted e.g. ...?userlevel=3 (could give an user something like admin rights).
3) you've used extract, but continue to use post vars
4) as previously mentioned - your fields-values are not balanced
5) the s_ins sql statement isn't closed
6) js alert? why not just echo a message? alerts look rubbish and depend on js

I'm sure there are a few other things I missed

0
  1. use code tags
  2. don't use extract on request - bad things can happen - existing variables can be overwritten - malicious code can be inserted e.g. ...?userlevel=3 (could give an user something like admin rights).
  3. you've used extract, but continue to use post vars
  4. as previously mentioned - your fields-values are not balanced
  5. the s_ins sql statement isn't closed
  6. js alert? why not just echo a message? alerts look rubbish and depend on js

I'm sure there are a few other things I missed

So ive removed the post but it still doesnt work. I am new to php but making head way for this charity site. Thanks for yor help.
Here is the amend code.

<?php
$con = mysql_connect("site","site","site");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("site", $con);
    $s_ins = "INSERT INTO `users` (`firstname` ,  `familyname` ,  `email` ,  `address` ,  `phone` ,  `besttime` ,  `resortname` ,  `joindate` ,  `whatyouown` ,  `timeofuse` ,  `price` ,  `tradein` ,  `deposit` ,  `balance` ,  `method` ,  `cancel` ,  `whathappened` ,  `creditcard` ,  `whattheysaid` ,  `username` ,  `passwd` ,  `cpasswd` ,  `passwdhint` ,  `answer` 
    VALUES
     ('$_POST[firstname]','$_POST[familyname]','$_POST[email]','$_POST[address]','$_POST[phone]','$_POST[besttime]','$_POST[resortname]','$_POST[joindate]','$_POST[whatyouown]','$_POST[timeofuse]','$_POST[price]','$_POST[deposit]','$_POST[tradein]','$_POST[balance]','$_POST[method]','$_POST[cancel]','$_POST[whathappened]','$_POST[creditcard]','$_POST[whattheysaid]','$_POST[username]','$_POST[passwd]','$_POST[cpasswd]','$_POST[passwdhint]','$_POST[answer]')"

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank you for your Request you will be contacted with your Quote very soon.";

mysql_close($con)
?>

Edited by pyTony: fixed formating

0

1) You STILL haven't used [ CODE ] tags in the editor
2) You're using unescaped $_POST vars directly in the SQL - SQL injection risk - clean with mysql_real_escape_string()
3) Fields and values STILL unbalanced
4) SQL STILL not ended properly

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.