"You have an error in your SQL syntax"

Question

mattyd 89 Posting Maven

9 Years Ago

Hello:

Before I post code I will say that last year I hired a programmer to build one feature for my project. Today upon further inspection of the database/tables I am receiving errors that I have never received and I am at a loss as to their actual meaning.

I have researched this online and scoured the code but cannot figure it out (Another problem: This programmer apparently somehow dropped my table in my DB and I had to try to reconstruct it this morning - Very frustrating at this point)

I am at this point getting the following error which makes no sense to me: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Table 2 WHERE userName = 'gary bob' AND pass = 'uuuuuuuuuuuu'' at line 1".

Any pointer in the correct direction would be grealy appreciated - Thank you in advance!

`<?php

define('DB_HOST', 'localhost');
define('DB_NAME', '************');
define('DB_USER','************');
define('DB_PASSWORD','************');

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());


function NewUser()
{

    $userName = $_POST['userName'];
    $email = $_POST['email'];
    $password =  $_POST['password'];
    $countries = $_POST ['countries'];
    $city =  $_POST['city'];
    $company = $_POST ['company'];
    $state = $_POST ['state'];//Added 11/3/2014

    $query = "INSERT INTO Table 2 (userName,email,password,countries,city,company,state) VALUES ('$userName','$email','$password', '$countries','$city','$company', '$state')";


    $data = mysql_query ($query)or die(mysql_error());
    if($data)
    {
    echo "YOUR REGISTRATION IS COMPLETED...";
    }
}

function SignUp()
{
if(!empty($_POST['user']))   //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{
    $query = mysql_query("SELECT * FROM Table 2 WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());

    if(!$row = mysql_fetch_array($query) or die(mysql_error()))
    {
        NewUser();
    }
    else
    {
        echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
    }
}
}
if(isset($_POST['user']))
{
    SignUp();
}

?>`

php

2 Contributors
2 Replies
225 Views
2 Hours Discussion Span
Latest Post 9 Years Ago Latest Post by mattyd

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

milil 24 Newbie Poster · Answer 1 · 2015-02-15T18:17:52+00:00

This line: $query = mysql_query("SELECT * FROM Table 2 WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());

You can't put like that you need to put like this:

$query = mysql_query("SELECT * FROM Table 2 WHERE userName = '" . '$_POST[user]' . "' AND pass = '" . '$_POST[pass]' . "') or die(mysql_error());

With "." you will contact two string this means that you will search userName that is equal with $_POST[user] not exact value.

I hope this helps.
If not please provide more details.
Kind regards, Mike.

mattyd 89 Posting Maven Featured Poster · Answer 2 · 2015-02-15T18:26:52+00:00

Thank you for your reply, Mike.

I am no longer getting that error message, thankfully, and most data from the registration form is being dumped into the table. Most. I will have to make a new thread regarding the fact that the username and password are not being saved from the form.

Everything was working fine until I allowed the programmer I hired to build a feature complete access to my database. Now, I am having to dig through new files and HER code and new variables she decided upon.