0

I have tried a lot of syntax trials with single quotes and $session variables, now i decided to put the session variables in regular variables for less syntax complications.

$conn = mysql_connect($servername, $username, $password);
        // Check connection
        if (!$conn) {
            die("Connection failed: " . mysql_error());
        } 
        if (!mysql_select_db($dbname)) {
            die('Could not select database: ' . mysql_error());
        }


    $this_email = $_SESSION['email'];
    $this_password = $_SESSION['pw'];
    $this_number = $_SESSION['phone'];

    $sql = mysql_query("INSERT INTO user_accounts(Email, Password, Phone#) VALUES ('$this_email','$this_password','$this_number')");
    if (!$sql) {
      echo mysql_error();
    }

    mysql_close($conn);

This is the error i get:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

chris85
  • 23,846
  • 7
  • 34
  • 51
KosherHMM
  • 11
  • 1
  • 3

2 Answers2

2

Column names may have basic Latin letters, digits 0-9, dollar, underscore. All other characters will need to be in backticks.

http://dev.mysql.com/doc/refman/5.7/en/identifiers.html

so try:

INSERT INTO user_accounts(Email, Password, `Phone#`)

You also should update your driver and use prepared statements.

chris85
  • 23,846
  • 7
  • 34
  • 51
1

Because Phone# has a special character in it (#) you need to write it in backticks!

Furthermore I would recommend you to use the PDO or mysqli lib as well as prepared statements, because the mysql library is deprecated.

manniL
  • 7,157
  • 7
  • 46
  • 72