php - Database insertion error -


this question has answer here:

the below echo statement,

$statement = "insert $tbl_name values(" . $_get['username'] . "," . $_get['password'] . "," . $_get['passwordhintquestion'] . "," . $_get['passwordhintanswer'] . "," . $_get['firstname'] . "," . $_get['lastname'] . "," . $_get['genderselect'] . "," . $_get['date_in_format'] . "," . $_get['nationality'] . "," . $_get['refemail'] . ")" ;    echo $statement; 

gave ouput as,

insert ge_user_table values([object htmlinputelement],[object htmlinputelement],[object htmlinputelement],[object htmlinputelement],[object htmlinputelement],[object htmlinputelement],[object nodelist],[object htmlselectelement]/[object htmlselectelement]/[object htmlselectelement],[object htmlinputelement],[object htmlinputelement])database insertion fault on registration 

but during insertion database got error as,

you have error in sql syntax; check manual corresponds mysql server version right syntax use near '[object htmlinputelement],[object htmlinputelement],[object htmlinputelement],[o' @ line 1

but, below query working fine.

insert ge_user_table values('muthu2','1234','who you?','iam indian','muthu','ganapathy','male','1991-12-21','indian','abc@abc.com'); 

edit : have changed code to,

  $username     = mysql_escape_string($_get['username']);   $password     = mysql_escape_string($_get['password']);   $hintques     = mysql_escape_string($_get['passwordhintquestion']);   $hintans      = mysql_escape_string($_get['passwordhintanswer']);   $firstname    = mysql_escape_string($_get['firstname']);   $hintques     = mysql_escape_string($_get['lastname']);   $gender       = mysql_escape_string($_get['genderselect']);   $date         = mysql_escape_string($_get['date_in_format']) ;   $nationality  = mysql_escape_string($_get['nationality']) ;   $email        = mysql_escape_string($_get['refemail']) ;        $statement = "insert $tbl_name values('$username' ,'$password','$hintques' ,'$hintans','$firstname' ,'$lastname' ,".                "'$gender' ,'$date','$nationality','$email')" ;    

but,the database has entry as, enter image description here

final solution: have passed form.username in html instead of form.username.value. got correct.

it have error in javascript. send html dom node instead of value.

also should escape variables like

mysql_real_escape_string($_get['username']); 

Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -