How I can fix this unexpected string content

Question

1.00/5 (1 vote)

See more:

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "forum";

// Créer une conexion
$conn = new mysqli($servername, $username, $password, $dbname);
// verifier la connexion
if ($conn->connect_error) {
  die("La connexion a échouée: " . $conn->connect_error);
}

$sql = "INSERT INTO `account`(`id`, `email`, `pass`, `game`, `gaming`) 
VALUES ('NULL','$_POST['email']','$_POST['pass']','',')";

if ($conn->query($sql) === TRUE) {
  echo "welcome to gaming forum";
} else {
  echo "Erreur: " . $sql . "
" . $conn->error;
}

$conn->close();
?>

What I have tried:

hello i am new to php and i have a problem i say :Parse error: syntax error, unexpected string content "", expecting "-" or identifier or variable or number in C:\xampp\htdocs\ on line 15

Posted 3-Oct-22 16:33pm

mbydevelop

Updated 3-Oct-22 20:27pm

Add a Solution

Comments

Richard Deeming 4-Oct-22 5:14am

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]

Richard Deeming 4-Oct-22 5:14am

You are storing passwords in plain text. Don't do that! Secure Password Authentication Explained Simply[^]

PHP provides built-in functions to help you do the right thing when storing passwords:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Syed Mubashshir Hasan · Answer 1 · 2022-10-03T20:27:00

Hello!
This piece of code has a number of flaws.
1. Missing ; at the end of several lines
2. Missing the $con parameter for most mysqli_ functions
3. Mixing mysql_ and mysqli_
4. Using $_post instead of $_POST (capital letters)

The query will fail if any of the POST-values include single-quotes ', so either escape them or use prepared statements (see the link "How can I avoid SQL injection in PHP?" at the bottom).
PHP: mysqli::query - Manual[^]