Home/ Questions/Q 8207697
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T09:04:49+00:00

Okay, so I have a register.php script written and I get an unexpected T

  • 0

Okay, so I have a register.php script written and I get an unexpected T Variable when the command tries to execute.
The error lies on line 15 at

('$_Post[username]','$_Post[sha_pass_hash]','$_Post[email]','2')";

I also have a second error in my syntax according to Dreamweaver at line 20 for

    die('Error: ' . mysql_error());

If anyone could help it would be greatly appreciated. Thank you in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    STOP

    Inserting into a database directly from post is always a bad idea. This is the reason PHP is currently stuck with the very un-intuitive magic quotes.

    You should at the very least be using mysql_real_escape_string() to escape your data. For example:

    $link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
OR die(mysql_error());

$query = "INSERT INTO users VALUES (
    '" . mysql_real_escape_string($_POST["username"]) . "',
    '" . mysql_real_escape_string($_POST["sha_pass_hash"]) . "',
    '" . mysql_real_escape_string($_POST["email"]) . "',
    '2'
)";

mysql_query($query);

    The reason you have to do this is security based. For example if some malicious set the username field to '); DROP TABLE users; without first escaping your data. You would end up blindly running the following query:

    INSERT INTO users VALUES (''); DROP TABLE users;

    Which of course isn’t going to end well for your application.

    This is the minimum you should be doing.

    In reality you should really be moving onto MySQLi Which is a much more modern MySQL interface.
    Here is an example

    $mysqli = new mysqli('mysql_host', 'mysql_user', 'mysql_password', 'mysql_database');

$query = "INSERT INTO users VALUES (
    '" . $mysqli->real_escape_string($_POST["username"]) . "',
    '" . $mysqli->real_escape_string($_POST["sha_pass_hash"]) . "',
    '" . $mysqli->real_escape_string($_POST["email"]) . "',
    '2'
)";

$mysqli->query($query);

    You can even use MySQL in a procedural style. So if Object orientated programing isn’t with in your reach yet you will have no problems with MySQLi.

    Hope that helps.

    • 0