0

Hi everybody i have a problem with data input from html form throu php to mysql the connection has been done i test it and its working but i cant figure out why data isn't imputed ive double checked the database and its as should be

registration form

<form action="register.php" method="post">
<table>
    <tr>
        <td>UserName</td>
        <td><input type="text" name="username"></td>
    <tr>
        <td>Password</td>
        <td>
            <input type="password" name="password">
        </td>
    <tr>
        <td>
            First Name
        </td>
        <td>
            <input type="text" name="fname">
        </td>
    </tr>
    <tr>
        <td>
            Last Name
        </td>
        <td>
            <input type="text" value="" name="lname">
        </td>
    </tr>
    <tr>
        <td>
            E-Mail
        </td>
        <td>
            <input type="email" name="mail">
        </td>
    <tr>
        <td>
            <input type="submit" value="Done!!!">
        </td>
    </tr>
</table>

database conntection

<?php
    $db_adress="localhost";
    $db_username="root";
    $db_password="******";
    $db_name="accounts";
    @mysql_connect("$db_adress","$db_username","$db_password") or die ("Could not connect the DATABASE for more infos go kill yourself");
    @mysql_select_db("$db_name") or die ("No Database");
?>

data input code 

    $username = $_POST['username'];
    $password = $_POST['password'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $mail = $_POST['mail'];

    $insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES (""'.$username.'", "'.$password '", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")");
    mysql_query($insert);
    echo "Done";

I am glad for any help!

Improve this question
4
  • Not certain if this is the cause but $insert=("...") doesn't need brackets around it, just the quotes. Commented Mar 25, 2014 at 12:18
  • echo "INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ("'.$username.'", "'.$password '", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")" and test the query in sql console Commented Mar 25, 2014 at 12:21
  • You are exposed to sql injection please use PDO or atleast use mysql_real_escape_string() to sanitize data. Commented Mar 25, 2014 at 12:23
  • For the record: You accepted the wrong answer, syntax-wise. Commented Mar 25, 2014 at 13:42

5 Answers 5

Reset to default
1

For the record, you accepted the wrong answer, syntax-wise.

Table and column names are not to be wrapped in quotes, but either use no quotes or use backticks.

$insert=("INSERT INTO register (Username, Password, FirstName, LastName, email)  
VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");

or:

$insert=("INSERT INTO `register` (Username, Password, FirstName, LastName, email) VALUES 
('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");

I also recommend you sanitize your inputs:

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$mail = mysql_real_escape_string($_POST['mail']);

mysql_* functions are deprecated and will be removed from future PHP releases.

Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

I also noticed that you are storing passwords in plain text. This is not recommended.

Use one of the following:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Try this:

I think your syntax of query is wrong. Try given below.

$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");
Improve this answer

Comments

0

The problem is the way you are concating. try this-

$insert=('INSERT INTO register(Username, Password, FirstName, LastName, email) VALUES ("'.$username.'", "'.$password '", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")');
Improve this answer

Comments

0

It's because of Single quotes and double quotes.

Try below code.

$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");
Improve this answer

Comments

0

Your insert query is not properly enclosed in quotes. Try this

$insert= "INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')";
Improve this answer

1 Comment

How is this any different from three other answers herer?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.