0

I want to take the POST data from the three form tags and upload variables to mySQL. When I run the PHP on the second page I get a "Parse error: syntax error, unexpected 'VALUES' (T_STRING) in C:\xampp\htdocs\PHPtest\signUpTRUE.php on line 32"

I can try to post the HTML Form Tags and the PHP..

The HTML form tags:

<div id="headingText"><p> New Fan Club Registration</p></div>

            <form action="signUpTRUE.php" method="post" >
                <div id="firstNameField">First Name:<input type="text" name="fname"></br></div>
                <div id="lastNameField">Last Name: <input type="text" name="lname"></br></div>
                <div id="emailField">Email: <input type="text" name="email"></br></div>


                <div id="checkboxField"><input type="checkbox" name="terms" value="agree" id="checkboxField" required> *Agree to the <a href="newText.php" id="termsLink">terms and conditions</a> </input></div>

                <button type="submit" value="Submit" id="button">Submit</button>

            </form>

Here is the PHP running calls to mySQL:

<?php


        $FN = htmlspecialchars($_POST['fname']);
        $LN = htmlspecialchars($_POST['lname']);
        $EM = htmlspecialchars($_POST['email']);

        $servername = "localhost";
        $username = "root";
        $password = "password";
        $dbname = "fanClub";

        $conn = new mysqli($servername,$username,$password,$dbname);

            if ($conn->connect_error)  {
                die("Connection Failed: " . $conn->connect_error);

            }

        $sql = "INSERT INTO userInfo (email, firstname, lastname)"
        VALUES ($EM, $FN, $LN);


        if ($conn->query($sql) === TRUE) {
            echo "<p> data enrty has been logged like whoa</p>";
        }else {
            echo"<p>error in code.</p>";
        }

        $conn-close();


    ?>

I get the

"Parse error: syntax error, unexpected 'VALUES' (T_STRING) in C:\xampp\htdocs\PHPtest\signUpTRUE.php on line 32"

when I try to run this.

Thanks a lot for looking at this :D!

Nelson Canino
  • 45
  • 7
  • you've missed your double quotes in line 32 –  Jan 28 '16 at 20:19
  • There is nothing to do with mysql or POST or something. `Parse error: syntax error` is mean it is just syntax error in your PHP source file. In this case you forget to quote and concatenate `VALUES ($EM, $FN, $LN)` string and just wrote it as php code. But this is NOT php code. :) – Ruslan Stelmachenko Jan 28 '16 at 20:25
  • Ok. I am honestly learning what PHP code is. I still ran this code with the corrections posted on the page and nothing is being saved to mySQL. – Nelson Canino Jan 28 '16 at 20:44

5 Answers5

0
$sql = "INSERT INTO userInfo (email, firstname, lastname)"
        VALUES ($EM, $FN, $LN);

This line is wrong. It should be:

$sql = "INSERT INTO userInfo (email, firstname, lastname) VALUES ($EM, $FN, $LN)";

Anyways your code is vulnerable to sql injection

Sebastian Breit
  • 6,137
  • 1
  • 35
  • 53
  • I'm writing this script to save data right now. After this I get this down I'll focus more on preventing SQL injection. Thanks. – Nelson Canino Jan 28 '16 at 20:29
0

The reason why you're seeing that specific error is because on line 32, you're incorrectly calling the close method of your conn class:

$conn-close();

This is missing the closing angle bracket, and should be:

$conn->close();

After you fix this error, you will then most likely see an error for the incorrect SQL formatting as pointed out in the other answers. This will most likely be a function not defined error, as you probably don't have a function called VALUE($a, $b, $c) somewhere.

cteski
  • 487
  • 3
  • 12
  • 17
  • Thank you. I've been staring into this laptop for a while now. I don't know how I missed this. I made a more practical error. Thank you for the help. – Nelson Canino Jan 28 '16 at 20:30
  • I took care of the misplaced double quote and the > symbol but the data isn't saving to mySQL still the if else statement returns an "error in code" and I checked mySQL and no data is present? – Nelson Canino Jan 28 '16 at 20:41
  • It wouldn't be possible to diagnose the issue with just the code you've posted thus far, even with the corrections listed in place. I would assume your $conn->query($sql) call is preparing and executing the statement, but one can't really attempt to problem solve something from an assumption. – cteski Jan 28 '16 at 21:01
0

The statement

$sql = "INSERT INTO userInfo (email, firstname, lastname)"
VALUES ($EM, $FN, $LN);

should be

$sql = "INSERT INTO userInfo (email, firstname, lastname)
    VALUES ($EM, $FN, $LN)";

(Note where the closing quote is.)

Actually, it should be

    $sql = "INSERT INTO userInfo (email, firstname, lastname)
    VALUES (?, ?, ?)";

and then you can use it as a prepared statement:

$stmt = $conn->prepare($query);
$stmt->bind_param('sss', $EM, $FN, $LN);
$stmt->execute();
Community
  • 1
  • 1
Darwin von Corax
  • 5,201
  • 3
  • 17
  • 28
0

The displayed error can be corrected as follows:

$sql = "INSERT INTO userInfo (email, firstname, lastname) VALUES ($EM, $FN, $LN)";

Also please correct the last line as follows:

$conn->close();
devpro
  • 16,184
  • 3
  • 27
  • 38
Gireesh
  • 1
  • 1
0

You have two issues in query

  • extra double quotes between columns and values.
  • not using single quotes between string values.

Modified query:

$sql = "INSERT INTO userInfo (email, firstname, lastname) VALUES ('$EM', '$FN', '$LN')";

Side note:

Also check the close function as mentioned in other answer correct your typo error.

devpro
  • 16,184
  • 3
  • 27
  • 38