<?php
include("../package/mysql-connect.php"); //connect- succeeds
//cleanin' data
$username = trim(mysql_real_escape_string($_POST['username']));
$password = hash('sha512', $passround);
$fname = ucfirst(trim(mysql_real_escape_string($_POST['fname'])));
$lname = ucfirst(trim(mysql_real_escape_string($_POST['lname'])));
$gender = mysql_real_escape_string($_POST['gender']);
$email = mysql_real_escape_string($_POST['email']);
$bio = mysql_real_escape_string($_POST['bio']);
$interests = str_replace(',',':',mysql_real_escape_string($_POST['interests']));
//the query - error is here i think O. o
mysql_query("INSERT INTO `kapip_data`.`userdata` (`id`, `username`, `password`, `fname`, `lname`, `gender`, `hidden`, `hide-gender`, `hide-name`, `bio`, `interests`, `email`) VALUES (NULL, $username, $password, $fname, $lname, $gender, '0', '0' , '0', $bio, $interests, $email)") or die(mysql_error());
//close connection- succeeds
mysql_close($con);
?>
This keeps saying:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use
near ‘(interests show here), (email shows here))’ at line 1.
The strange thing is, all of my data is escaped and formatted properly. I can’t seem to find my error, if I’m just tired is all. Also, does the “@” sign in emails have anything to do with the failure to insert?
Please always show the finished query.
In this case however, the reason is easy to spot: You are missing quotes around your arguments.
Do