Error with inserting to DB

Question

Parse error: syntax error, unexpected T_VARIABLE in Z:\home\ser.ser\www\sign_up.php on line 19

Also I have error with $q = mysql_query("SELECT * FROM users WHERE (login="$login")");

Help, please.

<?php
        include 'mysql_connect.php';

        $login = $_POST['login'];
        $password = $_POST['password'];
        $b_arr['b_dd'] = $_POST['B_DD'];
        $b_arr['b_mm'] = $_POST['B_MM'];
        $b_arr['b_yy'] = $_POST['B_YY'];
        $b_date = $b_arr['b_yy'].$$b_arr['b_mm'].$b_arr['b_dd'];
        if (!isUserExist($login)) {
            reg($login, $password, $b_date);
        } else {
            echo 'This user is exist !';
        }
        function reg($login, $password, $b_date) {
           // NEXT LINE ERROR
            $query = mysql_query("INSERT INTO users VALUES ("$login", "$password", "$b_date")");
           // END ERROR
        }
        function isUserExist($login) {
            $q = mysql_query("SELECT * FROM users WHERE (login="$login")");
            $result = mysql_fetch_array($q);
            if ($result) {
                return true;
            }
        }
    ?>

well @MarcB that answer below seems to not think so. `$$b_arr['b_mm'].$b_arr['b_dd'];` - are answers truly solutions? *hm...* — Funk Forty Niner, Apr 25 '16 at 18:58
@MarcB No matter the sadness, unfortunately that's valid variable declaration. PHP won't yell at Sergey for it. — MonkeyZeus, Apr 25 '16 at 19:00
by why a var-var in one case, and plain var the other? I'm betting on typo. especially with the bad `"`-string syntax later on. — Marc B, Apr 25 '16 at 19:02
@MonkeyZeus I know and I do know that you don't provide low-quality answers, which is what I edited in my comment below ;-) — Funk Forty Niner, Apr 25 '16 at 19:06

Mojtaba · Answer 1 · 2016-04-25T19:17:18.750

0

You have errors in concatenations. Please look at here: https://www.diffnow.com/?report=jgv1m

<?php
        include 'mysql_connect.php';

        $login = $_POST['login'];
        $password = $_POST['password'];
        $b_arr['b_dd'] = $_POST['B_DD'];
        $b_arr['b_mm'] = $_POST['B_MM'];
        $b_arr['b_yy'] = $_POST['B_YY'];
        $b_date = $b_arr['b_yy'].$$b_arr['b_mm'].$b_arr['b_dd'];
        if (!isUserExist($login)) {
            reg($login, $password, $b_date);
        } else {
            echo 'This user is exist !';
        }
        function reg($login, $password, $b_date) {
// NEXT LINE ERROR
            $query = mysql_query("INSERT INTO users VALUES ('".$login."', '".$password."', '".$b_date."')");
// END ERROR
        }
        function isUserExist($login) {
            $q = mysql_query("SELECT * FROM users WHERE (login='".$login."')");
            $result = mysql_fetch_array($q);
            if ($result) {
                return true;
            }
        }
    ?>

edited Apr 25 '16 at 19:17

answered Apr 25 '16 at 18:56

Mojtaba

4,852
5
21
38

2

Might be useful to point out the inevitable future-line error as well :) – MonkeyZeus Apr 25 '16 at 18:56
@MonkeyZeus *ahem*... I upvoted your comment here, that's what I was talking about up there ;-) and I know you don't give low-quality answers. – Funk Forty Niner Apr 25 '16 at 19:02
@Fred-ii- Thanks! Cheers – MonkeyZeus Apr 25 '16 at 19:17
@MonkeyZeus, I edited the answer. – Mojtaba Apr 25 '16 at 19:17
@MonkeyZeus You're quite welcome ;-) *Cheers!* – Funk Forty Niner Apr 25 '16 at 19:17

score 0 · Accepted Answer · answered Apr 25 '16 at 18:56

Warning: this code is dangerous. Please read about SQL Injection and why your code is extremely problematic. In short, anything that's put into the database must be sanitized.

Now, more to your question:

You aren't handling strings correctly. If you wish to use this dangerous method of querying, you need to concatenate your values into a string. To add variables to a string you use the . operator. So, to fix this line you would need to use something like:

$qry_str = "INSERT INTO users VALUES ('" . $login . "', '" . $password . "', '" . $b_date . "')";
$query = mysql_query($qry_str);

Note: I broke it into two lines for better readability and your isUserExist() function has the same issue.

Error with inserting to DB

2 Answers2