sagnik Posted November 6, 2014

I'm getting a MySQL error #1064 when running my script. Here is my code related to the problem:

    $sql = "INSERT INTO `$tbl1`('uid', 'user', 'fname', 'lname', 'gender', 'dob', 'login', 'password', 'ip', 'device', 'date', 'time', 'activation_code', 'active', 'banned') VALUES('$uid', $user, $fname, $lname, $gender, $dob, $login, $password, $ip, $device, $date, $time, '$act_code', '0', '0')";

Please help me to correct my code.

wolstech Posted November 6, 2014

The quotes around all of the items except uid in the VALUES set are missing to start. Can you also post the entire text of the error? It usually says an approximate location of where the mistake is.

PaulM Posted November 6, 2014

Also, you should be aware of this security flaw called SQL injection. Using your current method I could easily insert into your sign up form (or potentially log-in form as well) the following:

    '; DROP TABLE USERS;
    ' or 1=1

The first would cause your users table to drop (if it existed) and the second would likely log me into the first user (typically the admin's account). These are both bad. In order to prevent this, and to make coding easier, look into prepared statements. It looks like you are using PHP so a prepared statement would be as follows:

    $stmt = $dbVar->prepare("INSERT INTO `$tbl1` (`uid`, `user`, `fname`, `lname`, `gender`, `dob`, `login`, `password`, `ip`, `device`, `date`, `time`, `activation_code`, `active`, `banned`) VALUES (:uid, :user, :fname, :lname, :gender, :dob, :login, :password, :ip, :device, :date, :time, :activation_code, :active, :banned)");
    $stmt->bindParam(':uid', $uid);
    $stmt->bindParam(':user', $user);
    $stmt->bindParam(':fname', $fname);
    $stmt->bindParam(':lname', $lname);

etc. etc. Followed by

    $stmt->execute();

This is the best and safest way to interact with your database. It is also a lot easier to maintain and, once you are used to it, understand. Good luck!

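Added example, not part of any post in this thread and not the posters' own code: the prepared INSERT from the reply above carried through to execution, with the table name checked against a fixed list because placeholders cannot bind identifiers. It assumes the pdo_sqlite driver so it runs without a MySQL server; the `users` table, the allowlist and the sample row are constructed.

```php
<?php
// Added example. Assumes the pdo_sqlite driver so it runs offline; with MySQL
// only the DSN changes. Table name, allowlist and sample values are constructed.
$db = new PDO('sqlite::memory:');
// Throw on SQL errors so the full message (e.g. a #1064 position) is visible.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

const COLS = ['uid', 'user', 'fname', 'lname', 'gender', 'dob', 'login', 'password',
              'ip', 'device', 'date', 'time', 'activation_code', 'active', 'banned'];
$db->exec('CREATE TABLE users (' . implode(' TEXT, ', COLS) . ' TEXT)');

function insertUser(PDO $db, string $tbl1, array $row): void
{
    // Placeholders bind values only, never identifiers, so a variable table
    // name like $tbl1 is checked against a fixed list before interpolation.
    if (!in_array($tbl1, ['users'], true)) {
        throw new InvalidArgumentException("unexpected table name: $tbl1");
    }
    // Identifiers take backticks in MySQL; single quotes make string literals.
    $names  = implode(', ', array_map(fn($c) => "`$c`", COLS));
    $params = implode(', ', array_map(fn($c) => ":$c", COLS));
    $stmt = $db->prepare("INSERT INTO `$tbl1` ($names) VALUES ($params)");
    $values = [];
    foreach (COLS as $c) {
        $values[":$c"] = $row[$c] ?? null;   // one bound value per column
    }
    $stmt->execute($values);
}

// Constructed input: the two strings from the post above, submitted as form data.
$row = ['uid' => 'u1', 'user' => "'; DROP TABLE USERS;", 'fname' => "' or 1=1",
        'password' => '(placeholder hash)', 'activation_code' => 'abc123',
        'active' => '0', 'banned' => '0'];
insertUser($db, 'users', $row);

// The strings come back unchanged as column values; the table still exists.
$stored = $db->query('SELECT `user`, `fname` FROM `users`')->fetch(PDO::FETCH_ASSOC);
var_dump($stored);
var_dump((int) $db->query('SELECT COUNT(*) FROM `users`')->fetchColumn());

try {
    insertUser($db, 'not_a_table', $row);   // rejected before any SQL is built
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```
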
sagnik Posted November 7, 2014 Author

Ok sir, here is my full script: http://pastebin.com/6YJMPLGg [phpBrief] OR http://pastebin.com/raw.php?i=6YJMPLGg [RAW]

And also thanks to PaulM....