Debugging a SQL syntax error in PHP

Question

I'm trying to use PDO on my register and log in page , and started working on my register page and have an syntax error not sure why.

The error is below:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO users (id, name, username, password, lastname ,email) VALUES (?, ?,' at line 1

Code:

 if ($_SESSION["username"]){

 header("Location: home.php");
 }
else{
if(isset($_POST['firstname']) && isset($_POST['lastname']) &&    isset($_POST['username']) && isset($_POST['password']) && isset($_POST['cpassword'])  && isset($_POST['email'])){
     require('connect.php');

     $dusername = mysql_real_escape_string($_POST["username"]);
    $dfirstname = mysql_real_escape_string($_POST["firstname"]);
     $dpassword = md5(mysql_real_escape_string($_POST["password"]));
    $dlastname =mysql_real_escape_string($_POST["lastname"]);
    $demail =mysql_real_escape_string($_POST["email"]);




$dbhost = "xxxxxxx"; 
$dbname= "xxxxxx";
$dbuser = "xxxx";
$mysql_password = "xxxxx";



 try{


 $db = new PDO('mysql:host='.$dbhost.';dbname='.$dbname.';charset=utf8',   

 ''.$dbuser.'',    

 ''.$mysql_password.'');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

}

catch(PDOException $e){
echo $e->getMessage();
die();


}

 mysql_error();
  //According to user's input
 $register =mysql_query( "(INSERT INTO users (id, name, username, password, lastname,email)  VALUES (?, ?, ?, ?, ?)")or die(mysql_error());
 $register =$db->prepare($register);
 $register->execute(array($dfirstname,$dusername,$dpassword,$dlastname,$demail));

// Check username and password match
if ($register) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: home.php');
exit;
}
else{

  echo "<div class=\"error\">Error Signing Up... Make Sure all the require 

  fields         are correctly formatted. </div>";
    }
    }
 else{

 }
 }

Updated it

  $register ="INSERT INTO users (id, name, username, password, lastname ,email) VALUES('',?, ?, ?, ?, ?)"or die(mysql_error());
  $register =$db->prepare($register);
  $register->execute(array('',$dfirstname,$dusername,$dpassword,$dlastname,$demail));

Still have the error

you cannot mix mysql_* functions and PDO methods, stick with PDO — Kevin
– Kevin, Commented Dec 18, 2014 at 6:58
@FollowerofChrist you wouldn't need one bit of it, all of this can be done with just PDO — Kevin
– Kevin, Commented Dec 18, 2014 at 7:01

virendra · Accepted Answer · 2014-12-18 07:00:08Z

2

$register->execute(array($dfirstname,$dusername,$dpassword,$dlastname,$demail));

should be

$register->execute(array('',$dfirstname,$dusername,$dpassword,$dlastname,$demail));

answered Dec 18, 2014 at 7:00

virendra

1639 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

ChristLovesme97 Over a year ago

thanks for the edit but the error still exist @virendra

virendra Over a year ago

also change this one $register =mysql_query( "(INSERT INTO users (id, name, username, password, lastname,email) VALUES (?,?, ?, ?, ?, ?)")or die(mysql_error());

Jens · Accepted Answer · 2014-12-18 06:59:13Z

1

You have 6 columns in your insert statement but only 5 values in the values clasue. That should also be 6.

answered Dec 18, 2014 at 6:59

Jens

69.6k15 gold badges107 silver badges133 bronze badges

Collectives™ on Stack Overflow

Debugging a SQL syntax error in PHP

2 Answers 2

2 Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

2 Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related