sagnik Posted November 6, 2014 Share Posted November 6, 2014 I'm getting a mysql error #1064 when running my script. Here is my code related to the problem: $sql = "INSERT INTO `$tbl1`('uid', 'user', 'fname', 'lname', 'gender', 'dob', 'login', 'password', 'ip', 'device', 'date', 'time', 'activation_code', 'active', 'banned') VALUES('$uid', $user, $fname, $lname, $gender, $dob, $login, $password, $ip, $device, $date, $time, '$act_code', '0', '0')";Please help me to correct my code. Quote Link to comment Share on other sites More sharing options...
wolstech Posted November 6, 2014 Share Posted November 6, 2014 The quotes around all of the items except uid in the VALUES set are missing to start. Can you also post the entire text of the error? It usually says an approximate location of where the mistake is. Quote Link to comment Share on other sites More sharing options...
PaulM Posted November 6, 2014 Share Posted November 6, 2014 Also, you should be aware of this security flaw called Sql Injection. Using your current method I could easily insert into your sign up form (or potentially log-in form as well) the following: '; DROP TABLE USERS;' or 1=1 The first causing your users table to drop (if it existed) and the second would likely log me into the first user (typically the admin's account). These are both bad. In order to prevent this, and to make coding easier, look into prepared statements. It looks like you are using PHP so a prepared statement would be as follows: $stmt = $dbVar->prepare("INSERT INTO `$tbl1`('uid', 'user', 'fname', 'lname', 'gender', 'dob', 'login', 'password', 'ip', 'device', 'date', 'time', 'activation_code', 'active', 'banned') VALUES(:uid, :user, :fname, :lname,:gender, :dob, :login, :password,:'ip,:device, :date,:'time, :activation_code,:active, :banned)"; $stmt -> bindParam(':uid',$uid);$stmt -> bindParam(':user',$user);$stmt -> bindParam(':fname',$fname);$stmt -> bindParam(':lname',$lname);etc etc.Followed by $stmt -> execute(); This is the best and safest way to interact with your database. It is also a lot easier to maintain and once you are used to it, understand. Good luck! Quote Link to comment Share on other sites More sharing options...
sagnik Posted November 7, 2014 Author Share Posted November 7, 2014 Ok sir, here is my full script: http://pastebin.com/6YJMPLGg [phpBrief]ORhttp://pastebin.com/raw.php?i=6YJMPLGg [RAW] And also thanks to PaulM.... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.