Why am I getting this SQL syntax error? PLEASE HELP!

Discussion in 'PHP' started by youngwebmasta, Oct 5, 2010.

0
  1. #1 
    
mysql_query("INSERT INTO users(username,password,email)
		VALUES('".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."'") or die(mysql_error());
    Code (markup):
    Error Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2
    EDIT: nvm I fixed it.
     
    youngwebmasta, Oct 5, 2010 IP
  2. veroxii

    veroxii Peon

    Messages:
    25
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Glad you fixed it. Still, I would not use that code as-is. Never use POST variables directly in your SQL query - you will get hacked by a SQL injection in no time. Always clean up and escape your input variables.
     
    veroxii, Oct 5, 2010 IP
  3. youngwebmasta

    youngwebmasta Peon

    Messages:
    45
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    blah blah blah. I secured the POST variables early on in my script. So thanks for nothing! :)
     
    youngwebmasta, Oct 5, 2010 IP