Search code examples
phpmysqlinsert-into

You have an error in your SQL syntax (mySQL)

I know questions just like this have been asked before, and I've looked at those topics and still can't seem to find the error in my syntax - so I turned to posting my own.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT_INTO users (uid,email,pass_hash,permissions,join_date) VALUES ('wright.ma' at line 1)

My code is below, but everything else seems to work until the SQL, which appears valid to me.

  $email = $_POST['email'];
  $pass = $_POST['pass'];
  $pass2 = $_POST['pass2'];
  $uid = $_POST['uid'];
  $join_date = date("Y-m-d H:i:s");
  if ($_POST['permissions']) { $permissions = $_POST['permissions']; } else { $permissions = 0; }
  if (!$email) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Security Module Error - Email address not provided");
  }
  if (!$uid) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Security Module Error - User ID not provided");
  }
  if (!$pass || !$pass2 || ($pass != $pass2)) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Security Module Error - Password not provided or doesn't match");
  }
  $pass_hash = crypt($pass,'$1$$hash$1');

  $conn = @mysql_connect("localhost","root","root");
  if (!$conn) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Database Error - Unable to Connect");
  }
  $db = @mysql_select_db("start", $conn);
  if (!$db) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Database Error - Unable to Access Database");
  }
  $result = @mysql_query("INSERT_INTO users (uid,email,pass_hash,permissions,join_date) VALUES ('$uid','$email','$pass_hash','$permissions',$join_date)");
  if (!$result) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Database Error - Unable to Create Record (".mysql_error($conn).")");
  }
  $row = mysql_fetch_array($result);
  if (!$row) {
    header('HTTP/1.1 500 Internal Server Error');
    header('Content-Type: application/json');
    exit("Security Module Error - Unable to Authenticate Record Creation");
  } else {
    $_SESSION['uid'] = $row['uid'];
    $_SESSION['permissions'] = $row['permissions'];
    $_SESSION['email'] = $row['email'];
  }

A second set of eyes willing to help would be greatly appreciated!

Solution

  • You have an underscore separating INSERT and INTO. The syntax should be "INSERT INTO ...."

    You should also look into using PDO or mysqli, as the mysql_* functions are deprecated.