While updating my registration form verification PHP, I came across an error that I just cannot seem to fix:
Column count doesn’t match value count at row 1
I have looked through the code over and over again and I can’t seem to see anything wrong with it. PHP syntax and formatting checkers all seem to say the code is OK. I understand that this error comes up a lot, but I can’t see the similarity between my code and the code of others who received the same error.
<?
include "./includes/config.inc.php";
include $include_path."cc.inc.php";
include $include_path."banemails.inc.php";
$is_pre_registration = (isset($_REQUEST['pre_registration']) && $_REQUEST['pre_registration'] == "1") ? "1" : "";
$TIME = mktime(date("H")+$SETTINGS['timecorrection'],date("i"),date("s"),date("m"), date("d"),date("Y"));
$NOW = date("YmdHis",$TIME);
$NOWB = date("YmdHis",$TIME);
// --
if (!isset($_POST['auction_id']) && !isset($_GET['auction_id'])) {
$auction_id = $_SESSION["CURRENT_ITEM"];
} else {
$_SESSION["CURRENT_ITEM"]=intval($auction_id);
}
if (empty($_POST['action'])) {
$action = "first";
}
#// Retrieve users signup settings
$query = "SELECT * FROM BPLA_usersettings";
$res_s = @mysql_query($query);
if(!$res_s){
MySQLError($query);
exit;
}else{
$REQUESTED_FIELDS = unserialize(mysql_result($res_s,0,"requested_fields"));
$MANDATORY_FIELDS = unserialize(mysql_result($res_s,0,"mandatory_fields"));
}
if ($_POST['action'] == "first") {
if (empty($_POST['accounttype']) && $SETTINGS['accounttype'] == 'sellerbuyer') {
$TPL_err = 1;
$TPL_errmsg = $MSG_25_0137;
} elseif (empty($_POST['TPL_nick'])) {
$TPL_err = 1;
$TPL_errmsg = $ERR_5030;
} elseif (empty($_POST['TPL_password'])) {
$TPL_err = 1;
$TPL_errmsg = $ERR_5031;
} elseif (empty($_POST['TPL_repeat_password'])) {
$TPL_err = 1;
$TPL_errmsg = $ERR_5032;
} elseif (empty($_POST['TPL_email'])) {
$TPL_err = 1;
$TPL_errmsg = $ERR_5033;
} else {
if (strlen($_POST['TPL_nick']) < 6) {
$TPL_err = 1;
$TPL_errmsg = $ERR_107;
} else if (strlen ($_POST['TPL_password']) < 6) {
$TPL_err = 1;
$TPL_errmsg = $ERR_108;
} else if ($_POST['TPL_password'] != $_POST['TPL_repeat_password']) {
$TPL_err = 1;
$TPL_errmsg = $ERR_109;
} else if (strlen($_POST['TPL_email']) < 5) { // Primitive mail check
$TPL_err = 1;
$TPL_errmsg = $ERR_110;
} elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$", $_POST['TPL_email'])) {
$TPL_err = 1;
$TPL_errmsg = $ERR_008;
} elseif(BannedEmail($_POST['TPL_email'],$BANNEDDOMAINS)){
$TPL_err = 1;
$TPL_errmsg = $MSG_30_0054;
} else {
$sql = "SELECT nick FROM BPLA_users WHERE nick=\"" . AddSlashes ($_POST['TPL_nick']) . "\"";
$res = mysql_query ($sql);
if (mysql_num_rows($res) == 0) {
$id = md5(uniqid(rand()));
$id = eregi_replace("[a-f]", "", $id);
$TPL_id_hidden = $id;
$TPL_nick_hidden = $_POST['TPL_nick'];
$TPL_password_hidden = $_POST['TPL_password'];
$TPL_email_hidden = $_POST['TPL_email'];
} else {
$TPL_err = 1;
$TPL_errmsg = $ERR_111; // Selected user already exists
}
$sql = "SELECT email FROM BPLA_users WHERE email=\"" . AddSlashes ($_POST['TPL_email']) . "\"";
$res = mysql_query ($sql);
if (mysql_num_rows($res) == 0) {
$id = md5(uniqid(rand()));
// $id = eregi_replace("[a-f]","",$id);
$TPL_id_hidden = $id;
$TPL_nick_hidden = $_POST['TPL_nick'];
$TPL_password_hidden = $_POST['TPL_password'];
$TPL_email_hidden = $_POST['TPL_email'];
} else {
$TPL_err = 1;
$TPL_errmsg = $ERR_115; // E-mail already used
}
if ($TPL_err == 0) {
$TODAY = $NOWB;
# // #################################################################
# // Users suspended field
# // VALUES:
# // 9 - sign up fee due
# // 8 - no fee due, waiting for user's confirmation
# // 1 - suspended by the administrator via admin utility
# //
$SUSPENDED = 8;
if($SETTINGS['accounttype'] == 'sellerbuyer') {
$selected_accounttype = $_POST['accounttype'];
} else {
$selected_accounttype = 'unique';
}
if($is_pre_registration != ""){
$user_pre_registration = "1";
}else{
$user_pre_registration = "0";
//, is_pre_registration
//, ".intval($user_pre_registration)."
}
if($BPLowbidAuction_TESTMODE == 'yes') {
include "header.php";
echo "<strong>".$ERR_9999."</strong>";
include phpa_include("template_register.html");
exit();
} else {
$sql = "INSERT INTO BPLA_users (id,
nick, password, nletter,email, reg_date,
rate_sum, rate_num,suspended,accounttype)
VALUES (NULL, \"" . Addslashes ($TPL_nick_hidden) . "\", \""
. md5($MD5_PREFIX . Addslashes ($TPL_password_hidden)) . "\", \""
. (int)($_POST['TPL_nletter']) . "\", \""
. AddSlashes ($_POST['TPL_email']) . "\",
'$TODAY',
0,
0,
'$DATE',
'$SUSPENDED',
ENCODE(\"$MD5_PREFIX\"))";
$res = mysql_query ($sql);
if ($res == 0) {
$TPL_err = 1;
$TPL_errmsg = mysql_error (); //"Error updating users data";
} else {
$TPL_id_hidden=mysql_insert_id();
# // ===========================================================
# // Added by Gian for IP banning
# // Store user IP address in the database
# // ===========================================================
$query = "INSERT INTO BPLA_usersips VALUES(
NULL,
".intval($TPL_id_hidden).",
'".$_SERVER["REMOTE_ADDR"]."',
'first','accept')";
$res___ = @mysql_query($query);
if (!$res___) {
MySQLError($query);
exit;
}
# // ===========================================================
/**
* Update column users in table BPLA_counters
*/
$query = "UPDATE BPLA_counters SET inactiveusers=inactiveusers+1";
$counteruser = mysql_query($query);
if (!$counteruser) {
MySQLError($query);
exit;
}
# // ===========================================================
/**
* Set up the language of this user in table BPLA_userslanguage
*/
$language = $SETTINGS['defaultlanguage'];
$_SESSION['language'] = $language;
$userlanguage = mysql_query("INSERT INTO BPLA_userslanguage VALUES(
'".$TPL_id_hidden."',
'$language')");
if (!$userlanguage) {
MySQLError($query);
exit;
}
# // Send confirmation e-mail message depending on the peyment settings
#// and the signup confirmation settings
//if ($SETTINGS['signupfee'] != 1) {
// if(($SETTINGS['usignupconfirmation'] == 'y' && $SETTINGS['accounttype'] == 'unique') ||
// (($SETTINGS['sbsignupconfirmation'] == 's' || $SETTINGS['sbsignupconfirmation'] == 'sb') && $_POST['accounttype'] == 'seller') ||
// (($SETTINGS['sbsignupconfirmation'] == 'b' || $SETTINGS['sbsignupconfirmation'] == 'sb') && $_POST['accounttype'] == 'buyer')) {
#Suspend user
$query = "UPDATE BPLA_users SET suspended=0,reg_date=reg_date WHERE id=$TPL_id_hidden";
$RES__ = @mysql_query($query);
if (!$RES__) {
echo "KLSDHD";
//MySQLError($query);
exit;
} else {
# Send e-mail to the user and the admin
include $include_path."user_confirmation_needapproval.inc.php";
}
// }else{
// include $include_path."user_confirmation.inc.php";
// }
//}
}
}
} // if($TPL_err == 0)
}
}
}
include "header.php";
if (($action == "first" && count($_POST) == 0) || ($_POST['action'] == "first" && $TPL_err)) {
include phpa_include("template_register.html");
}
if ($_POST['action'] == "first" && !$TPL_err) {
# //
include phpa_include("template_registered_php.html");
}
include "footer.php";
$TPL_err = 0;
$TPL_errmsg = "";
?>
Changed:
$sql = "INSERT INTO BPLA_users (id,
nick, password, nletter,email, reg_date,
rate_sum, rate_num,suspended,accounttype)
VALUES (NULL, \"" . Addslashes ($TPL_nick_hidden) . "\", \""
. md5($MD5_PREFIX . Addslashes ($TPL_password_hidden)) . "\", \""
. (int)($_POST['TPL_nletter']) . "\", \""
. AddSlashes ($_POST['TPL_email']) . "\",
'$TODAY',
0,
0,
'$DATE',
'$SUSPENDED',
ENCODE(\"$CC\",\"$MD5_PREFIX\"),
'$_POST[TPL_exp_month]','$_POST[TPL_exp_year]','$_POST[TPL_card_owner]','$_POST[TPL_card_zip]',1)"
To:
$sql = "INSERT INTO BPLA_users (id,
nick, password, nletter,email, reg_date,
rate_sum, rate_num,suspended,accounttype)
VALUES (NULL, \"" . Addslashes ($TPL_nick_hidden) . "\", \""
. md5($MD5_PREFIX . Addslashes ($TPL_password_hidden)) . "\", \""
. (int)($_POST['TPL_nletter']) . "\", \""
. AddSlashes ($_POST['TPL_email']) . "\",
'$TODAY',
0,
0,
'$DATE',
'$SUSPENDED',
ENCODE(\"$MD5_PREFIX\"))";
Now receive error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘))’ at line 10
This error occurs when the number of columns specified in an
INSERTquery does not match the number of values provided. For example:In the following line you list 10 columns (id, nick, password, nletter, email, reg_date, rate_sum, rate_num, suspended, accounttype) but 16 values.
You need to list the column names that correspond to the following values:
VERY important: you should use prepared statements to prevent SQL injection. This is a very dangerous and sadly very common attack. See https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet