1

I'm trying to make a registration page but PHP is telling me that I have the wrong parameters, which doesn't make sense unless I need to add a parameter for the auto-incremental primary ID key.

Here's my SQL query call:

mysql_query("INSERT INTO Users (username, password, fname, lname, email) VALUES ('%s', '%s', '%s', '%s, '%s')",
        mysql_real_escape_string($username),
        mysql_real_escape_string($password),
        mysql_real_escape_string($first),
        mysql_real_escape_string($last),
        mysql_real_escape_string($email)) or die(mysql_error());

It gives me the wrong paramater count on the last line in this code block. Any ideas? I copied and pasted the row-names straight from my database.

my table is as follows:

id - int(11) - auto-incrementing
username - varchar(20)
password - varchar(20)
fname - varchar(35) 
lname - varchar(35)
email - varchar(254)
Improve this question
1
  • Next time, include the error message verbatim. Commented Aug 11, 2011 at 17:42

3 Answers 3

Reset to default
5

You have formatted the SQL query as a sprintf() call, but don't call sprintf()

mysql_query(sprintf("INSERT INTO Users (username, password, fname, lname, email) VALUES ('%s', '%s', '%s', '%s', '%s')",
            mysql_real_escape_string($username),
            mysql_real_escape_string($password),
            mysql_real_escape_string($first),
            mysql_real_escape_string($last),
            mysql_real_escape_string($email))) or die(mysql_error());
  // also note some parentheses out of place ^^^^^^^^^^^^^^^^^^^^^^^^
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

There were no parentheses out of place. And he formatted the PHP function call that way, not the SQL query.
:S this might be a whole other question, but I'm getting an "error near [email protected]" - does varchar accept the '@' symbol?
@Tomalak As the intended sprintf() call there were. The mysql_query() was closed, the closing ) for sprintf() must be added, and I thought there was an extra closing ) after the die() originally but it was edited out.
@Howdy_McGee There was another missing quote on the second to last %s. Edited in my answer
@Michael: There should be no closing ) for sprintf() if there is no sprintf() :)
|
2

It's PHP that's telling you off about parameters, not MySQL.

You've tried to use mysql_query like sprintf, which it is not. mysql_query accepts an optional database resource identifier, and the query string. Two parameters. That is all.

If you do want to use sprintf, then go for it:

mysql_query(
   sprintf(
      "INSERT INTO Users (username, password, fname, lname, email) VALUES ('%s', '%s', '%s', '%s, '%s')",
      mysql_real_escape_string($username),
      mysql_real_escape_string($password),
      mysql_real_escape_string($first),
      mysql_real_escape_string($last),
      mysql_real_escape_string($email)
   )
) or die(mysql_error());

But remember that the first argument to mysql_query is just a string. No magic.

Improve this answer

1 Comment

Correct, the query never reaches the MySQL in this case.
1 
mysql_query(
    sprintf("INSERT INTO Users (username, password, fname, lname, email) VALUES ('%s', '%s', '%s', '%s, '%s')",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password),
    mysql_real_escape_string($first),
    mysql_real_escape_string($last),
    mysql_real_escape_string($email)))

or die(mysql_error()); // sprintf to build a final string of your query by given format and "or die statement" is outside the mysql_query function call.
Improve this answer

5 Comments

Yes but it can work with one also. It is not needed to pass the connection.
@Mike: He's only passing it one.
@Rolice: Better indentation would have avoided Mike's confusion.
Oh darn, I missed the sprintf there :P
Yes I use a new line and additional identation for the arguments, it seems readable to me, when lot of arguments are passed. It should looks good in editor. Also the or die is on new line to show its independence from the call of mysql_query. :D

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.