StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POFailed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds
text
Body
copied!<p>I am having problem with my register.php page. Once i have completed all the form this is the</p> <p><strong>Full error message:</strong> </p> <p>Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ( 'peterusername', 'fcebef48582240a' at line 16</p> <p><strong>Note the "peterusername" is the username that i inputted.</strong> </p> <p><strong>Using Bootstrap v3.0 btw</strong></p> <pre><code> <?php require("config.php"); if(!empty($_POST)) { // Ensure that the user fills out fields if(empty($_POST['username'])) { die("Please enter a username."); } if(empty($_POST['password'])) { die("Please enter a password."); } if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { die("Invalid E-Mail Address"); } if(empty($_POST['name'])) { die("Please enter your name."); } if(empty($_POST['gender'])) { die("Please enter your gender."); } if(empty($_POST['dateofbirth'])) { die("Please enter your Date or Birth."); } if(empty($_POST['nric'])) { die("Please enter your NRIC."); } if(empty($_POST['address'])) { die("Please enter your address."); } if(!filter_var($_POST['postalcode'], FILTER_SANITIZE_NUMBER_INT)) { die("Invalid Postal Code"); } if(!filter_var($_POST['mobilenumber'], FILTER_SANITIZE_NUMBER_INT)) { die("Invalid Mobile Number"); } if(empty($_POST['profession'])) { die("Please enter your profession."); } // ===================================================== // Check if the username is already taken $query = " SELECT 1 FROM users WHERE username = :username "; $query_params = array( ':username' => $_POST['username'] ); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if($row){ die("This username is already in use"); } $query = " SELECT 1 FROM users WHERE email = :email "; $query_params = array( ':email' => $_POST['email'] ); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage());} $row = $stmt->fetch(); if($row){ die("This email address is already registered"); } $query = " SELECT 1 FROM users WHERE nric = :nric "; $query_params = array( ':nric' => $_POST['nric'] ); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if($row){ die("This NRIC is already in use"); } $query = " SELECT 1 FROM users WHERE mobilenumber = :mobilenumber "; $query_params = array( ':mobilenumber' => $_POST['mobilenumber'] ); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } $row = $stmt->fetch(); if($row){ die("This Mobile Number is already in use"); } //---------------------------------------------------- Add row to database $query = " INSERT INTO users ( username, password, salt, email, name, gender, dateofbirth, nric, address, postalcode, mobilenumber, profession, ) VALUES ( :username, :password, :salt, :email, :name, :gender, :dateofbirth, :nric, :address, :postalcode, :mobilenumber, :profession, ) "; // Security measures $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); $password = hash('sha256', $_POST['password'] . $salt); for($round = 0; $round < 65536; $round++){ $password = hash('sha256', $password . $salt); } $query_params = array( ':username' => $_POST['username'], ':password' => $password, ':salt' => $salt, ':email' => $_POST['email'], ':name' => $_POST['name'], ':gender' => $_POST['gender'], ':dateofbirth' => $_POST['dateofbith'], ':nric' => $_POST['nric'], ':address' => $_POST['address'], ':postalcode' => $_POST['postalcode'], ':mobilenumber' => $_POST['mobilenumber'], ':profession' => $_POST['profession'], ); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } header("Location: successful.php"); die("Redirecting to successful.php"); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <link rel="shortcut icon" href="../../assets/ico/favicon.png"> <title>Sign Up -</title>  <link href="css/bootstrap.css" rel="stylesheet">  <link href="jumbotron.css" rel="stylesheet">   </head> <body> <?php if (empty($_SESSION['user'])) { include_once("header.php"); } else { include_once("header2.php"); }?> <div class="page-header"> <div class="container"> <h1> Register </h1> <form action="register2.php" method="post" role="form"> <div class="form-group"> <label>Username:</label> <input type="text" name="username" value="" /> </div> <div class="form-group"> <label>Email: <strong style="color:darkred;">*</strong></label> <input type="text" name="email" value="" /> </div> <div class="form-group"> <label>Password:</label> <input type="password" name="password" value="" /> <br /><br /> </div> <div class="form-group"> <label>Name:</label> <input type="text" name="name" value="" /> </div> <div class="form-group"> <label>Gender:</label> <div class="radio"> <label> <input type="radio" name="gender" id="male" value="male" checked> Male </label> </div> <div class="radio"> <label> <input type="radio" name="gender" id="female" value="female"> Female </label> </div> </div> <div class="form-group"> <label>Date of Birth:</label> <input type="text" name="dateofbirth" value="" /> </div> <div class="form-group"> <label>NRIC:</label> <input type="text" name="nric" value="" /> </div> <div class="form-group"> <label>Address:</label> <input type="text" name="address" value="" /> </div> <div class="form-group"> <label>Postal Code:</label> <input type="text" name="postalcode" value="" /> </div> <div class="form-group"> <div class="input-group"> <span class="input-group-addon">+65</span> <input type="text" name="mobilenumber" value="" class="form-control" placeholder="Mobile Number"> </div> </div> <div class="form-group"> <label>Profession:</label> <input type="text" name="profession" value="" /> </div> <input type="submit" class="btn btn-info" value="Register" /> </form> </div> </div> <?php include_once("footer.php");?> </body> </html> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload