MYSQL/PHP Syntax Error

Question

Here is that php code that is at the top of my page:

if(!$_SESSION['username']){
  header("Location: ../error.php?id=1");
}

$teamgamertag = $_POST["gamertag"];
$teamgame = $_POST["game"];
$teamtype = $_POST["type"];
$teamname = $_POST["name"];
$teamconsole = $_POST["console"];

if(isset($_POST["submit"])){
  $sql2 = mysql_query("INSERT INTO teams (name, game, players, creator, console, leaders, type, score) VALUES ('$teamname', '$teamgame', '$teamgamertag', '$teamgamertag', '$teamconsole', '$teamgamertag', '$teamtype', '0'") or die(mysql_error());

  if($sql2){
    header("../results.php?id=1");
  }else{
    exit();
  }
}
?>

I dont know what the problem is and where to fix it. Thank you for your help in advance.

There's no obvious syntax error here, except for the missing opening ` — Nick Pickering, Mar 24 '13 at 06:45
Also, from manual [`header()`](http://www.php.net/manual/en/function.header.php) `HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path,` - ie. `header("Location: http://$host.$uri");` — Sean, Mar 24 '13 at 06:48

score 4 · Answer 1 · edited May 23 '17 at 12:11

4

Your SQL query's ending parenthesis is missing:

'$teamgamertag', '$teamtype', '0'")

It should be here:

'$teamgamertag', '$teamtype', '0')")

Also, your SQL is vulnerable to injection. Don't make query strings manually. Use prepared statements: PHP PDO prepared statements

edited May 23 '17 at 12:11

Community

1
1

answered Mar 24 '13 at 06:45

Blender

289,723
53
439
496

1

Actually, there should be two parentheses, I think. `'0')")` the first one closing the VALUES block and the second one closing the call to `mysql_query`. – Nick Pickering Mar 24 '13 at 06:47
I was going to do the prepared statements later, I just wanted to get this priority setup. Also, when I make your change, I get an error loading the page... "Parse error: syntax error, unexpected ';' in /home/u914842696/public_html/onlinegw/teams/create.php on line 17" – ExcuseMyLuck Mar 24 '13 at 06:48
@user2203989 use the updated code in the answer. – Nick Pickering Mar 24 '13 at 06:50

score 0 · Answer 2 · 2013-03-24T06:56:26.627

0

Replace your code as

<?php
if(!$_SESSION['username']){
  header("Location: ../error.php?id=1");
}

$teamgamertag = $_POST["gamertag"];
$teamgame = $_POST["game"];
$teamtype = $_POST["type"];
$teamname = $_POST["name"];
$teamconsole = $_POST["console"];

if(isset($_POST["submit"])){
  $sql2 = mysql_query("INSERT INTO teams (name, game, players, creator, console, leaders, type, score) VALUES ('$teamname', '$teamgame', '$teamgamertag', '$teamgamertag', '$teamconsole', '$teamgamertag', '$teamtype', '0')") or die(mysql_error());

  if($sql2){
    header('Location: ../results.php?id=1');
  }else{
    exit();
  }
}
?>

edited Mar 24 '13 at 06:56

answered Mar 24 '13 at 06:47

you are missing a `;` at the end of `header('Location: ../results.php?id=1')` – Sean Mar 24 '13 at 06:52
Thank you. I didn't noticed @sean – Mar 24 '13 at 06:57

MYSQL/PHP Syntax Error

2 Answers2