0

I cannot figure out what the issue is with my PHP but the INSERT function seems to fail at all times. I have the correct table rows listed but there could just be a simple syntax issue. If that code is needed, I can supply it also. Here's my PHP and database structure:

enter image description here

  <?php  
 $con = mysql_connect('***','***','***');  
    if (!$con)  
{  
    echo "Failed to make connection.";  
    exit;  
}  
$db = mysql_select_db('***');  
if (!$db)  
{  
    echo "Failed to select db.";  
    exit;  
}  
$username   = $_POST['username'];  
$password   = $_POST['password'];  
$name      = $_POST['name'];  
$email      = $_POST['email'];  
$sql        = "SELECT username,email FROM Users WHERE username = '" . $username . "' OR email = '" . $email . "'";  
$query      = mysql_query($sql);  
if (mysql_num_rows($query) > 0)  
{  
    echo "That username or email already exists";  
}  
else  
{  
    $insert = "INSERT INTO Users(username,password,name,email) VALUES ('" . $username . "','" . $password . "','" . $name . "','" . $email . "')";  
    $query  = mysql_query($insert);  
    if ($query)  
    {  
        echo "Thanks for registering. You may now login.";  
    }  
    else  
    {  
        echo "Insert failed";  
    }  
}  
?>
Improve this question
7
  • 2
    what is the mysql error Commented Jun 19, 2013 at 22:28
  • 2
    is the id is auto incrementing? Commented Jun 19, 2013 at 22:29
  • 2
    Also your script is full of SQL injection vulnerabilities, read php.net/manual/en/security.database.sql-injection.php :) Commented Jun 19, 2013 at 22:29
  • 2
    what I always do in this situation: after $insert put echo $insert. it will display your mysql query. copy/paste this query in phpmyadmin and see which error is. then post it here, so it will be easier to see where the problem is Commented Jun 19, 2013 at 22:29
  • 1
    Not directly related to solving your problem, but the use of mysql_* functions are really... well, not recommended. Have a look at mysqli_*, or better yet - PDO. :) Commented Jun 19, 2013 at 22:30

3 Answers 3

Reset to default
1

Throw the error if the query fails so you can see what's happening. Take this out before you go live though. 

$query = mysql_query($insert);
if (!$query) {
    die('Invalid query: ' . mysql_error());
} else {
    echo "Thanks for registering. You may now login.";
}

Also a couple of suggestions for your login form. Escape the stuff your inputting into your database using http://www.php.net/manual/en/function.mysql-real-escape-string.php. I'd also recommend finding a good regex to validate the email before you save it. And even hashing the password at a minimum.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

there are filters in php then why you want to reinvent the wheel
Is it possible to show a few examples of sanitizing the data with my current script above?
$username = mysql_real_escape_string($_POST['username']); I also recommend using mysqli...php.net/manual/en/book.mysqli.php
Would you know how to rewrite this in MySQLi? I'm not having much luck replicating this script.
1

Might be that you dont have a space in between Users and "(". Also, is your table with a capital letter. Maybe the table has some prefixes?

Improve this answer

1 Comment

Spaces around delimiter characters are not necessary.
1

This is untested but it may be as simple as this:

$insert = "INSERT INTO Users(username,password,name,email) VALUES ('$username','$password','$name','$email')";
Improve this answer

1 Comment

Thanks, would you know how to rewrite this script in Mysqli?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.