
I know that there are a lot of topics on this site regarding my problem, but it seems that I'm missing something when I do it.

The code is below:

mysql_select_db("person");
$query = "SELECT * FROM email WHERE email='$_POST[email]' AND cc='$_POST[zip]"; 
$rs = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($rs)>=1){ echo "blablabla"; } else {
$sql="INSERT INTO `email` (`email`, `cc`),
VALUES
(`$_POST[email]`, `$_POST[zip]`)";
mysql_query($sql);
echo "blablabla";
}

This is the error I get on the page: "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1"

Thanks

raz dame

2 Answers


Note:

  • You're using backticks (`) instead of apostrophes (') around the variables in your insert query. It is alright to use them on a column name, but not on your values.
  • You should also remove the comma (,) after the column list in your insert query.
  • In your SELECT query, you're missing the closing apostrophe after your $_POST['zip'] variable.

Your insert query should look like this:

$sql="INSERT INTO `email` (`email`, `cc`) VALUES ('$_POST[email]', '$_POST[zip]')";
mysql_query($sql);

You should also consider using at least an escape string function, or a prepared statement, to prevent SQL injection.

Your prepared statement insert query should look like this:

$query = "INSERT INTO email (email, cc) VALUES (?,?)"; /* QUERY */
$stmt = $YourDBConnection->prepare($query);
$stmt->bind_param("ss", $_POST['email'], $_POST['zip']); /* BIND VARIABLES TO YOUR QUERY */

$stmt->execute(); /* EXECUTE QUERY */
Logan Wayne
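As an added example (not code from the question or from either answer), here is the question's check-then-insert flow with both statements written as mysqli prepared statements, so the values travel separately from the SQL text and an apostrophe in the input (the cause of the "near '''" error) can no longer break or alter the query. It assumes a mysqli connection to the question's `person` database and its `email(email, cc)` table, a UNIQUE KEY on (email, cc) for the duplicate handling, and assumed credentials; the helper names and the sample inputs are constructed for this example. The `mysql_*` functions used in the question were removed in PHP 7, so mysqli (or PDO) is needed in any case.

```php
<?php
// Added example, not from the question or either answer.
// Assumptions: a mysqli connection to the question's "person" database and a table
//   CREATE TABLE email (email VARCHAR(255) NOT NULL, cc VARCHAR(16) NOT NULL,
//                       UNIQUE KEY uq_email_cc (email, cc));
// The helper function names below are mine.
declare(strict_types=1);

// Throw mysqli_sql_exception instead of returning false, so no failure is silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const ER_DUP_ENTRY = 1062; // MySQL/MariaDB error number for a UNIQUE-key violation

/** True if a row with this email/cc pair already exists. */
function emailExists(mysqli $db, string $email, string $cc): bool
{
    // The SQL text contains no user data; the values are sent as parameters,
    // so a quote inside $email cannot close the string literal.
    $stmt = $db->prepare('SELECT 1 FROM email WHERE email = ? AND cc = ? LIMIT 1');
    $stmt->bind_param('ss', $email, $cc);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

/**
 * Insert the pair. Returns true if a row was added, false if it already existed.
 * SELECT-then-INSERT alone has a race (two requests can both see "not found");
 * the UNIQUE key is what actually guarantees one row per pair.
 */
function insertEmail(mysqli $db, string $email, string $cc): bool
{
    $stmt = $db->prepare('INSERT INTO email (email, cc) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $cc);
    try {
        $stmt->execute();
        return true;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === ER_DUP_ENTRY) {
            return false; // lost the race to a concurrent request
        }
        throw $e;
    } finally {
        $stmt->close();
    }
}

/** Normalise and validate the form input before it reaches the database. */
function readInput(array $post): ?array
{
    $email = trim((string)($post['email'] ?? ''));
    $cc    = trim((string)($post['zip'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || !preg_match('/^\d{4,10}$/', $cc)) {
        return null;
    }
    return ['email' => $email, 'cc' => $cc];
}

// Constructed sample inputs. With the question's interpolated query the second
// one produces exactly the "syntax ... near '''" error from the question; here
// it is stored literally. The third is rejected by validation, and even without
// validation a bound parameter would store it as plain text rather than
// rewriting the WHERE clause.
$samples = [
    ['email' => 'alice@example.com',   'zip' => '12345'],
    ['email' => "o'brien@example.com", 'zip' => '12345'],
    ['email' => "x' OR '1'='1",        'zip' => '12345'],
];

$db = new mysqli('localhost', 'app_user', 'app_password', 'person'); // assumed credentials
$db->set_charset('utf8mb4');

foreach ($samples as $raw) {
    $in = readInput($raw);
    if ($in === null) {
        echo 'rejected: ' . htmlspecialchars((string)$raw['email'], ENT_QUOTES) . "\n";
        continue;
    }
    if (emailExists($db, $in['email'], $in['cc']) || !insertEmail($db, $in['email'], $in['cc'])) {
        echo 'already registered: ' . htmlspecialchars($in['email'], ENT_QUOTES) . "\n";
    } else {
        echo 'inserted: ' . htmlspecialchars($in['email'], ENT_QUOTES) . "\n";
    }
}
```

The placeholders stay in the SQL string and the values are bound afterwards, which is the property that prevents injection; an escape function only protects you if you remember to call it on every value, in the right character set, every time. The echoed email is passed through htmlspecialchars because the same untrusted value is now being written into an HTML page.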
I saw a lot of errors in your query. Try this instead:

 $query = "SELECT * FROM email WHERE email='".$_POST['email']."' AND cc='".$_POST['zip']."'"; 
//you need to put quote before the variable name of $_POST

And also

$sql="INSERT INTO `email` (`email`, `cc`)
VALUES
('".$_POST['email']."','".$_POST['zip']."')";

Don't use backticks on values; backticks are used only for a table or column name that is the same as a reserved word or keyword of SQL.

CodeSlayer