0
$email data = $_GET ["email"];
$password_data = $ _GET ["password"];

This code should get the form input via HTTP GET or POST

$sql = "INSERT INTO user (email, password)
VALUES ($email_data, $password_data)";

This should insert the data into the SQL database

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' )' at line 2

And this is the error I get

I tried already other ways but then the data inserted into the SQL database was empty.

Can y'all help me?

I tried some code changes like VALUES ($_GET["email"], $_GET["password"])"; and i tried it too with $_POST

tadman
  • 208,517
  • 23
  • 234
  • 262
github host2
  • 34
  • 9
  • Your code is going to be prone to SQL injection attacks. Never trust input from a user. Use PDO (look it up if you don't know what it is) to stop it from happening. But one thing that stands out with what you posted is your variable name `$email data` is missing an underscore. – Fly_Moe Jul 07 '23 at 14:05
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](https://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](https://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Jul 07 '23 at 14:08
  • **WARNING**: Writing an access control layer is not easy and there are many opportunities to get it severely wrong. Any modern [development framework](https://www.cloudways.com/blog/best-php-frameworks/) like [Laravel](http://laravel.com/) comes with an [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text** or a weak hash like **SHA1 or MD5**. – tadman Jul 07 '23 at 14:08
  • Having the password in the URL as plain-text, passed to a query with no escaping, into a bunch of artisanal PHP code on the back-end is something you just cannot do these days with a public facing site. This is 2023, not 1998. – tadman Jul 07 '23 at 14:09
  • If you're just getting started with PHP and want to build applications, I'd strongly recommend looking at various [development frameworks](https://www.cloudways.com/blog/best-php-frameworks/) to see if you can find one that fits your style and needs. They come in various flavours from lightweight like [Fat-Free Framework](https://fatfreeframework.com/) to far more comprehensive like [Laravel](https://laravel.com/). These give you concrete examples to work from and guidance on how to write your code and organize your project's files. – tadman Jul 07 '23 at 14:12

0 Answers0