Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming [SOLVED] Syntax Error: You have an error in your SQL syntax;
[SOLVED] Syntax Error: You have an error in your SQL syntax;
  • El Forum
    Guest
  •  
#1
06-25-2014, 07:01 AM

[eluser]riwakawd[/eluser]
I would like to use the code I have below but keeps on saying You have an error in your SQL syntax. I know about sha1 one not beaning to good I have other added security that not on here.

Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin'', salt = ''*****'', password = '' ***** ' at line 1

INSERT INTO `user` SET user_id = '1', user_group_id = '1', username = ''admin'', salt = ''*****'', password = ''********'', `status` = '1', email = ''******'', date_added = NOW()

Code:
public function database() {

$file = APPPATH . 'ci.sql';
            
            if (!file_exists($file)) {
                  exit('Could not load sql file: ' . $file);
            }
            
            $lines = file($file);
            
            if ($lines) {
                  $sql = '';

                  foreach($lines as $line) {
                        if ($line && (substr($line, 0, 2) != '--') && (substr($line, 0, 1) != '#')) {
                              $sql .= $line;
  
                              if (preg_match('/;\s*$/', $line)) {
                                    $sql = str_replace("DROP TABLE IF EXISTS `", "DROP TABLE IF EXISTS `" . $this->input->post('db_prefix'), $sql);
                                    $sql = str_replace("CREATE TABLE IF NOT EXISTS `", "CREATE TABLE IF NOT EXISTS `" . $this->input->post('db_prefix'), $sql);
                                    $sql = str_replace("CREATE TABLE `", "CREATE TABLE `" . $this->input->post('db_prefix'), $sql);
                                    $sql = str_replace("INSERT INTO `", "INSERT INTO `" . $this->input->post('db_prefix'), $sql);
                                    
                                    $this->db->query($sql);
      
                                    $sql = '';
                              }
                        }
                  }

            }



$data['db_prefix'] = $this->input->post('db_prefix');
$data['username'] = $this->input->post('username');
$data['password'] = $this->input->post('password');
$data['email'] = $this->input->post('email');

$this->db->query("DELETE FROM `" . $data['db_prefix'] . "user` WHERE user_id = '1'");

$this->db->query("
    INSERT INTO
       `" . $data['db_prefix'] . "user`
    SET
         user_id       = '1',
         user_group_id = '1',
         username      = '" . $this->db->escape($data['username']) . "',  
         salt          = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "',
         password      = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "',

         `status`      = '1',

         email         = '" . $this->db->escape($data['email']) . "',
         date_added    = NOW()

");

}


Messages In This Thread
[SOLVED] Syntax Error: You have an error in your SQL syntax; - by El Forum - 06-25-2014, 07:01 AM



Theme © iAndrew 2016 - Forum software by © MyBB