Sergey  Alekseev Sergey Alekseev - 2 years ago 51
SQL Question

Error with inserting to DB

Parse error: syntax error, unexpected T_VARIABLE in Z:\home\ser.ser\www\sign_up.php on line 19

Also I have error with
$q = mysql_query("SELECT * FROM users WHERE (login="$login")");

Help, please.

include 'mysql_connect.php';

$login = $_POST['login'];
$password = $_POST['password'];
$b_arr['b_dd'] = $_POST['B_DD'];
$b_arr['b_mm'] = $_POST['B_MM'];
$b_arr['b_yy'] = $_POST['B_YY'];
$b_date = $b_arr['b_yy'].$$b_arr['b_mm'].$b_arr['b_dd'];
if (!isUserExist($login)) {
reg($login, $password, $b_date);
} else {
echo 'This user is exist !';
function reg($login, $password, $b_date) {
$query = mysql_query("INSERT INTO users VALUES ("$login", "$password", "$b_date")");
function isUserExist($login) {
$q = mysql_query("SELECT * FROM users WHERE (login="$login")");
$result = mysql_fetch_array($q);
if ($result) {
return true;

Answer Source

Warning: this code is dangerous. Please read about SQL Injection and why your code is extremely problematic. In short, anything that's put into the database must be sanitized.

Now, more to your question:

You aren't handling strings correctly. If you wish to use this dangerous method of querying, you need to concatenate your values into a string. To add variables to a string you use the . operator. So, to fix this line you would need to use something like:

$qry_str = "INSERT INTO users VALUES ('" . $login . "', '" . $password . "', '" . $b_date . "')";
$query = mysql_query($qry_str);

Note: I broke it into two lines for better readability and your isUserExist() function has the same issue.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download