nwalker78
asked on
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]
Hi, having a very frustrating time trying to sort the stated error. On execution I get hit with:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''accounts' ('username', 'password', 'salt') VALUES ('321','456','4T1ffup28X8bzcQ' at line 1' in D:\wamp\www\ogserver\index.php on line 37
the code that generates this is as follows
<?php
$sqlHost = 'localhost';
$sqlUser = 'removed';
$sqlPass = 'removed';
$sqlDatabase = 'ogserverdb';
$connection = new PDO('mysql:host='.$sqlHost.';dbname='.$sqlDatabase.';charset=utf8', $sqlUser, $sqlPass);
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$username = null;
$password = null;
if (isset($_GET['user'])) {
    $username = $_GET['user'];
}
if (isset($_GET['pass'])) {
    $password = $_GET['pass'];
}
if ((isset($username)) && (isset($password))) {
    // TODO SQL
    $salt = genSalt(40);
    $passHash = md5(md5($salt).md5($password));
    $statement = $connection->prepare("INSERT INTO 'accounts' ('username', 'password', 'salt') VALUES (:myuser,:mypass,:mysalt);");
    $statement->bindParam(":myuser", $username);
    $statement->bindParam(":mypass", $password);
    $statement->bindParam(":mysalt", $salt);
    echo $username."<p>";
    echo $password." Hashed: (".$passHash.")<p>";
    echo $salt."<p>";
    if($statement->execute()) {
        echo "Hello ".$username." Thank you for your registration";
    } else {
        echo "There was a problem and your registration failed!";
    }
} else {
    // DISPLAY
    echo '<input type="text" id="user" placeholder="username"/>
    <input type="text" id="pass" placeholder="password"/>
    <button id="button">Register</button>
    <script>
    var button = document.getElementById("button");
    button.addEventListener("click", function() {
        var user = document.getElementById("user");
        var pass = document.getElementById("pass");
        if(user.value.length < 3 || pass.value.length < 3){
            alert("Please enter a valid username or password");
        } else {
            window.location = "index.php?user="+user.value+"&pass="+pass.value;
        }
    });
    </script>
    ';
}
function genSalt($length)
{
    $variables = 'aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789';
    $charLength = strlen($variables);
    $returned = '';
    for($i = 0; $i < $length; $i++)
    {
        $returned .= $variables[rand(0, ($charLength - 1))];
    }
    return $returned;
}
?>
Apologies for crudity of code, I wanted to get it working in its basic form before I did too much.
any help and advice is much appreciated.
remove the ' around the table name accounts.
ASKER
tried without the ' around accounts but still getting
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'password', 'salt') VALUES ('user','pass','vXgHfSUpfwn3ehVIbVGakHF3a' at line 1' in D:\wamp\www\ogserver\index.php on line 37
not much hair left here!!!!!!!!!!
ASKER
many thanks my sanity has been saved!!!!!!!!!!!!!!!!!!!!!!!
Yay! If you need to use quote marks in SQL queries (like in the case that someone has thoughtlessly named a column with a SQL reserved word) you probably want to try backticks. On my keyboard they are the lower-case character to the left of the number 1. They look a lot like single quotes, but have different meaning and effect.
Those SQL messages are only marginally useful at best, aren't they?!
ASKER
hehehe yes, came across a couple of posts mentioning backticks, what hurt head even more I copied code verbatim from a YouTube tute with exception of db info like user/pass etc. and even though the code on tute worked "see it run in vid" it still gave grief.
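As an added example (not code from the thread or its participants), here is the INSERT with backtick-quoted identifiers and bound values, matching the backtick comment above. It goes beyond that fix by storing a password_hash() digest rather than the plaintext password and the md5/rand() salt scheme; the in-memory SQLite database, the two-column table and the function names are assumptions so the block runs without a MySQL server (SQLite also accepts MySQL-style backticks).

```php
<?php
declare(strict_types=1);

// Constructed demo table. password_hash() stores its salt inside the hash
// string, so the separate `salt` column from the question is not needed.
function createAccountsTable(PDO $db): void
{
    $db->exec('CREATE TABLE `accounts` (
        `username` VARCHAR(64) PRIMARY KEY,
        `password` VARCHAR(255) NOT NULL)');
}

// Backticks quote identifiers; single quotes turn them into string literals,
// which is what MySQL rejected with error 1064. Values use placeholders only.
function registerAccount(PDO $db, string $username, string $password): bool
{
    if (strlen($username) < 3 || strlen($password) < 3) {
        return false; // the form's length rule, enforced on the server too
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO `accounts` (`username`, `password`) VALUES (:myuser, :mypass)');
    try {
        return $stmt->execute([':myuser' => $username, ':mypass' => $hash]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {
            return false; // integrity constraint violation: username taken
        }
        throw $e;
    }
}

// Fetch the stored hash by username and let password_verify() compare it.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT `password` FROM `accounts` WHERE `username` = :myuser');
    $stmt->execute([':myuser' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample run: register, reject a duplicate, then check logins.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createAccountsTable($db);
var_dump(registerAccount($db, 'user', 'pass'));
var_dump(registerAccount($db, 'user', 'other'));
var_dump(checkLogin($db, 'user', 'pass'), checkLogin($db, 'user', 'wrong'));
```

In a web handler the credentials would come from `$_POST` rather than the query string the question's form builds, so the password does not end up in URLs and access logs.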