mysql_select_db("musicDB", $con);
$sql = mysql_query("INSERT INTO Users (username, fname, lname, email, dob, password, occupation, genre )
VALUES ('$_POST[username]', '$_POST[fname]', '$_POST[lname]', '$_POST[email]', '$_POST[dob]', sha1('$_POST[password]'), '$_POST[occupation]', '$_POST[genre]')");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
?>
I am new to PHP and I am getting this SQL error:
The query is empty.
What am I doing wrong?
$sql = mysql_query("INSERT INTO Users (username, fname, lname, email, dob, password, occupation, genre )
VALUES ('$_POST[username]', '$_POST[fname]', '$_POST[lname]', '$_POST[email]', '$_POST[dob]', sha1('$_POST[password]'), '$_POST[occupation]', '$_POST[genre]')");
if (!sql)
{
is correct one. You were trying to do
if(!mysql_query(mysql_query("....")))
{
mysql_select_db("musicDB", $con);
// that's dirty but at least something to protect that silly code
$_POST['password'] = sha1($_POST['password'].$_POST['username']);
foreach($_POST as $key => $value) $_POST[$key] = mysql_real_escape_string($value);
$sql = "INSERT INTO Users (username, fname, lname, email, dob, password, occupation, genre )
VALUES ('$_POST[username]', '$_POST[fname]', '$_POST[lname]', '$_POST[email]',
'$_POST[dob]', '$_POST[password]', '$_POST[occupation]', '$_POST[genre]')");
if (!mysql_query($sql,$con))
{
trigger_error(mysql_error()." ".$sql);
} else {
echo "1 record added";
}
?>
when declaring the string query variable, dont use $sql = mysql_query(...); just simply $sql = "..."; and it should work fine
