What is this error? Does anyone know ?
When I post in localhost this error will come. What is this error where is the problem in my code?
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Amritsar')' at line 1
<?php
include("includes/connect.php");
if(isset($_POST['submit'])){
$name = $_POST['name'];
$surname = $_POST['surname'];
$business_name = $_POST['business_name'];
$email = $_POST['email'];
$emailagain = $_POST['emailagain'];
$password = $_POST['password'];
$business_category = $_POST['business_category'];
$country = $_POST['country'];
$city = $_POST['city'];
if($name==''){
echo"<script>alert('Lütfen İsmi Doldurunuz')</script>";
exit();
}
if($surname==''){
echo"<script>alert('Lütfen Soyadı Doldurunuz')</script>";
exit();
}
if($business_name==''){
echo"<script>alert('Lütfen Şirkat Adınızı Doldurunuz')</script>";
exit();
}
if($email==''){
echo"<script>alert('Lütfen eposta alanını Doldurunuz')</script>";
exit();
}
if($email != $emailagain){
echo"<script>alert('entered email addresses don't match')</script>";
exit();
}
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0){
echo "<script>alert('Email $email is kullanılmaktadır, farklı bir adresi le kaydolmayı deneyin')</script>";
exit();
}
$query ="INSERT INTO `users` (`name`,`surname`,`business_name`, `email`,`emailagain`,`password`,`business_category`,`country`,`city`) VALUES ('$name','$surname','$business_name', '$email','$emailagain','$password','$business_category','$country,'$city')";
$result = mysql_query($query) or die(mysql_error());
if($result){
echo("<center><h1>Yayınınız başarıyla gerçekleştirilmiştir</h1></center>");
}
else {
echo("<center><h1>Yayınınız gerçekleştirilemedi</h1></center>");
}
}
?>
You are missing a closing quote (') on $country.
This is your code :
$query ="INSERT INTO `users` (`name`,`surname`,`business_name`, `email`,`emailagain`,`password`,`business_category`,`country`,`city`) VALUES ('$name','$surname','$business_name', '$email','$emailagain','$password','$business_category','$country,'$city')";
change it like this:
$query ="INSERT INTO `users` (`name`,`surname`,`business_name`, `email`,`emailagain`,`password`,`business_category`,`country`,`city`) VALUES ('$name','$surname','$business_name', '$email','$emailagain','$password','$business_category','$country','$city')";
From the lack of sanitization, I assume that you are getting an error based on stray quotes in your data, which would break the query. In example, if I provided a username of O'rielly it would break the query.
I would also recommend potentially switching to PDO instead of using the deprecated mysql_* functions, and using prepared statements to help avoid things like SQL injection attacks, or malformed data causing your query to blow up.
NEVER EVER trust the user...always sanitize your data inputs when injecting them directly into a SQL statement.
Update:
Look at your query....you are missing a closing quote (') on $country.
Can you change this:
$query ="INSERT INTO `users` (`name`,`surname`,`business_name`, `email`,`emailagain`,`password`,`business_category`,`country`,`city`) VALUES ('$name','$surname','$business_name', '$email','$emailagain','$password','$business_category','$country,'$city')";
to this:
$query ="INSERT INTO `users` (name,surname,business_name, email,emailagain,password,business_category,country,city) VALUES ('$name','$surname','$business_name', '$email','$emailagain','$password','$business_category','$country','$city')";