0

So I am having this issue where i am getting the values from the POST, but when the insert query runs nothing is showing in the database, but I am getting no errors and the echos work. Here is my files:

config.php:

<?php

$host = "000webhost.com";
$user = "a9257*****";
$pass = "*****";
$db = "a9257*****";

$connect = mysql_connect($host, $user, $pass);
mysql_select_db($db, $connect);

?>

Here is my submit.php:

<?php

include "config.php";

$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);

$insert = 'INSERT INTO tblUsers (userFirstName, userLastName, userEmail, userPassword) VALUES("'.$fname.'","'.$lname.'""'.$email.'","'.$pass.'")';

mysql_query($insert);

echo $fname;
echo $lname;
echo $email;
echo $pass;

?>

Any help will be much obliged.

Improve this question
6
  • You're using the wrong mysql library. ext/mysql is deprecated. Commented Jul 27, 2013 at 21:57
  • mysql_query($insert) die('Error: ' . mysqli_error()); and it will show errors. Commented Jul 27, 2013 at 21:57
  • Are you sure there are no errors? You don't seem to be checking for errors coming back from MySQL. Given that your code is wide open to SQL injection attacks, just about anything could be happening in that query. Commented Jul 27, 2013 at 21:57
  • 1
    @ErmanBelegu don't you need "or die"? Commented Jul 27, 2013 at 21:57
  • You should use single quotes for the string literals in your query. Double quotes are accepted by mysql but you could have problems when migrating to another rdbms. Commented Jul 27, 2013 at 21:58

2 Answers 2

Reset to default
2

$insert = 'INSERT INTO tblUsers (userFirstName, userLastName, userEmail, userPassword) VALUES("'.$fname.'","'.$lname.'","'.$email.'","'.$pass.'")';

You forgot a comma "'.$lname.'"HERE"'.$email.'"

Edit: escape your variables or your database will get hacked (will, not if ;) )

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Word.. I just saw the problem and gave an answer.
2

You get no errors because you are not asking MySQL to give them to you!

Change this line:

mysql_query($insert);

into this version:

mysql_query($insert, $connect) or die("MySQL error:". mysql_error($connect));

Let us know the error, or fix it directly yourself.

AND PLEASE ADD ESCAPING! All your values allow for SQL injection attacks!

And please do not use MD5 for password hashing! Starting at PHP 5.5 there are easy to use password hashing functions, that also have been backported to PHP 5.3.6. Please include this simple library: https://github.com/ircmaxell/password_compat

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.