i am currently in the process of creating a registration page for my website, i have managed to make it work and it adds the user to my main table user_info, however i also have other tables that i want the system to insert the user into when they join, such as a log for their ip address, the problem is i thought it would be a simple cas of selecting the user info and then inserting the fields into the ip_address table, but i keep getting the error
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'terminated')' at line 1"
Anyway here is my code for the whole php script, the new lines of code that cause the error are from lines 171 - 176 (The last 5 lines at the bottom of the big block of code).
Thanks
<?php
if (isset ($_POST['firstname'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$paypal_email = $_POST['paypal_email'];
$country = $_POST['country'];
$kingdom_name = $_POST['kingdom_name'];
$kingdom_motto = $_POST['kingdom_motto'];
$referal = $_POST['referal'];
$email = stripslashes($email);
$password = stripslashes($password);
$cpassword = stripslashes($cpassword);
$email = strip_tags($email);
$password = strip_tags($password);
$cpassword = strip_tags($cpassword);
// Connect to database
include_once "connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email);
$emailCHecker = str_replace("`", "", $emailCHecker);
// Database duplicate username check setup for use below in the error handling if else conditionals
$sql_uname_check = mysql_query("SELECT username FROM user_info WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM user_info WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$firstname) || (!$lastname) || (!$username) || (!$email) || (!$password) || (!$cpassword) || (!$paypal_email) || (!$kingdom_name) || (!$kingdom_motto)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
if(!$firstname){
$errorMsg .= ' * Firstname<br />';
}
if(!$lastname){
$errorMsg .= ' * Lastname<br />';
}
if(!$username){
$errorMsg .= ' * Username<br />';
}
if(!$email){
$errorMsg .= ' * Email<br />';
}
if(!$password){
$errorMsg .= ' * Password<br />';
}
if(!$cpassword){
$errorMsg .= ' * Password Check<br />';
}
if(!$paypal_email){
$errorMsg .= ' * Paypal Email<br />';
}
if(!$kingdom_name){
$errorMsg .= ' * Kingdom Name<br />';
}
if(!$kingdom_motto){
$errorMsg .= ' * Kingdom Motto<br />';
}
} else if ($password != $cpassword) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if (strlen($username) < 4) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else { // Error handling is ended, proc开发者_StackOverflow中文版ess the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
// Add MD5 Hash to the password variable
$db_password = md5($password);
// GET USER IP ADDRESS
$ipaddress = getenv('REMOTE_ADDR');
// Add user info into the database table for the main site table
$sql = mysql_query("INSERT INTO user_info (firstname, lastname, username, email, password, country, sign_up_date)
VALUES('$firstname','$lastname','$username','$email','$password', '$country', now())")
or die (mysql_error());
$id = mysql_insert_id();
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
mkdir("members/$id", 0755);
////////////////////////////////////////////////////////////////////////
///////////////BUILDING THE USER PROFILES///////////////////////////////
$sql_id = ("SELECT * FROM user_info WHERE username = '$username'");
$result = mysql_query($sql_id);
$sql_result = mysql_fetch_array($result);
$sql = mysql_query("INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'") or die (mysql_error());
include_once 'registration_success.php';
exit();
} // Close else after duplication checks
} else { // if the form is not posted with variables, place default empty variables so no warnings or errors show
$errorMsg = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password= "";
$cpassword = "";
$paypal_email = "";
$kingdom_name = "";
$kingdom_motto = "";
$referal = "";
}
?>
Closing parentheses missing here:
"INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'"
精彩评论