You need to put the parameters to the param function in quotes (either single (') or double (") quotes). Perl knows a keyword called last but it also knows that this keyword makes no sense there and dosen't know what to do now and gives up.
I also noticed that you used backquotes (`) around the SQL parameters - I'm not sure that SQL wants quotes around the column names, and I'm also not too sure that SQL allows backquotes around these. You might want to check this.
Somewhat corrected, your code should look like this :
$sth = $dbh->prepare("INSERT INTO users( id, username, password, first, last, email, phone, address, city, state, zip, country, s_address, s_city, s_state, s_zip, s_country, intrests) VALUES ('', ?, ?, ?, ?, ?, ?, ?, ?, ? +, ?, ?, ?, ?, ?, ?, ?, ?)"); $sth->execute(param('first'), param('last'), param('username'), param('password'), param('repass'), param('email'), param('reemail'), param('phone'), param('address'), param('city'), param('state'), param('zip'), param('country'), param('s_address'), param('s_city'), param('s_state'), param('s_zip'), param('s_country'));
After cleaning up your code, I noticed that you have quite some discrepancies between your query and the parameters you pass to it - most likely you want to check that the password field and the repass field are identical instead of passing them both to the SQL database. But I propose a different approach anyway that avoids those errors, as you will change your form and database layout anyway (trust me) :
Make an array with the list of columns you want to save from the form in the database, and then construct your SQL statement and the CGI query parser from that statement :
my @columns = qw(username password first last email phone address city state zip country s_address s_city s_state s_zip s_country intrests); # There are more elegant ways to build this, but this is # a step-by-step way : my $sql_columns = "id"; my $sql_values = "''"; foreach @columns { $sql_columns .= ", $_"; # Add the column name $sql_values .= ", ?"; # And add a parameter to the query }; $sth = $dbh->prepare( "INSERT INTO users($sql_columns) VALUES ($sql_va +lues)"); # Now extract each CGI parameter, and store the values in @formvalues my @formvalues = map { param( $_ ) } @columns; $sth->execute(@formvalues);
If you have any fields that do not come from the CGI form (like the user id or some other value), you can either add them to the @formvalues array afterwards (but you need to modify the string building then), or make the update a two-step process.
Update Fixed typo - last is a keyword, not a function. Thanks to dws
perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ; # The $d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider ($c = $d->accept())->get_request(); $c->send_response( new #in the HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' # web
In reply to Re: Getting something wrong with SQL
by Corion
in thread Getting something wrong with SQL
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |