sql syntax problem

Intimidat0r

code is:

$dbcon = mysql_connect('localhost', 'user', 'passwd');
mysql_select_db('infrec_infrecdb', $dbcon) or die(mysql_error());
mysql_query("INSERT INTO users (username, password, email) VALUES ('".$username."', '".$password."', '".$email."'") or die(mysql_error()." - Please contact the administrator.");
mysql_close($dbcon);

error says:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''

anyone know why?

drew010

make sure the variables are set correctly, if you have a table that requires a field to be not null and you are passing an empty string it will return an error. also consider running the values through [man]mysql_real_escape_string[/man].

toplay

Yes that's a good idea. But what's wrong is that you forgot the right closing parenthesis after the $email - the end part of VALUES().

The "password" is a MySQL reserved keyword and should not be used as a column name. Either change that column name to something else (which is what I recommend) to avoid further confusion, or enclose the column name inside backtick marks. Example:

$result = mysql_query("INSERT INTO users (username, `password`, email) VALUES ('$username', '$password', '$email')")
or die(mysql_error()." - Please contact the administrator.");