Home/ Questions/Q 4607418
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T00:42:02+00:00

I am receiving the following error from the code below. You have an error

  • 0

I am receiving the following error from the code below.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@doe.com,username,5f4dcc3b5aa765d61d8327deb882cf99,09/05/2011 1:11:13 AM)' at line 1

$username = $_GET['username'];
$password = md5($_GET['password']);
$firstname = $_GET['firstname'];
$lastname = $_GET['lastname'];
$email = $_GET['email'];
$date = uk_date();
$conn = mysql_connect('localhost', 'myuser', 'mypass');
mysql_select_db('dbname');
$query = "INSERT INTO accounts (FirstName, LastName, Email, Username, Password, LastLoginDate) VALUES (". $firstname . ",". $lastname ."," . $email . "," . $username . "," . $password . "," . $date . ")";
$result = mysql_query($query) or die(mysql_error());
echo 'Success';
mysql_close($result);

Please could you let me know what my problem is? I am new to MySQL and PHP so please can you provide an explanation to what I have done wrong for later reference.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You haven’t quoted any of the values in your INSERT, you should be saying something more like this:

    $query = "INSERT INTO accounts (FirstName, LastName, Email, Username, Password, LastLoginDate) VALUES ('". $firstname . "','". $lastname ."','" . $email . "','" . $username . "','" . $password . "','" . $date . "')";

    You should also be using mysql_real_escape_string on all those variables to make sure that any embedded quotes and such are properly encoded.

    A better version would be something like this:

    $query = sprintf("INSERT INTO accounts (FirstName, LastName, Email, Username, Password, LastLoginDate) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
    mysql_real_escape_string($firstname),
    mysql_real_escape_string($lastname),
    mysql_real_escape_string($email),
    mysql_real_escape_string($username),
    mysql_real_escape_string($password),
    mysql_real_escape_string($date));

    You should also listen to BoltClock and use PDO and placeholders so you don’t have to worry about your quotes and escaping so much. PDO will also make it easier to switch databases.

    • 0