Code:
mysql_query("INSERT INTO Account(User,
Pw, email)
VALUES('mysql_real_escape_string($_POST[user])',
'$pw','mysql_real_escape_string($_POST[email])
) ") or die(mysql_error());
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''mysql_real_escape_string(123) )' at line 1
Please help
The problem is that you're quoting a PHP command, so it never gets passed to PHP
try this
mysql_query("INSERT INTO Account(User, Pw, email) VALUES('".mysql_real_escape_string($_POST[user])."', '$pw','".mysql_real_escape_string($_POST[email])."' ) ") or die(mysql_error());
but your $_POST[user] calls might also fail if user isn't a defined constant, so maybe try this
mysql_query("INSERT INTO Account(User, Pw, email) VALUES('".mysql_real_escape_string($_POST['user'])."', '$pw','".mysql_real_escape_string($_POST['email'])."' ) ") or die(mysql_error());
INSERT INTO Account(User, Pw, email) VALUES('mysql_real_escape_string($_POST[user])', '$pw','mysql_real_escape_string($_POST[email]) ) ... and that is not a valid MySQL query (it contains PHP functions). This answer fixes the issue. I'm curious, though, should $pw be escaped as well?Do not stuff all your code into one line.
You don't have to pay for each additional operator. Write distinctly.
$user = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
$pw = mysql_real_escape_string($pw);
$query = "INSERT INTO Account(User,Pw, email) VALUES ('$user','$pw','$email')";
mysql_query($query) or trigger_error(mysql_error().$query);
