2

Below is my Html and php code both in separate files for my insert query it is trying to insert registration details but it keeps failing, any reasons where i am going wrong. I have trying using different types of speech marks but it still doesnt work and the textbook i have shows this method. The database can log users in and check if user exists but can not insert data. Thanks. 

<?php
include 'db.php';

session_start();
?>
<!DOCTYPE html>

<html>

<head>

</head>
<?php 
include 'header.php';
?>

    <div id="logincontent"> 

    <div id="registerform" class="loginform-in">
        <h1>Registration</h1>
        <fieldset>
            <form id="myForm" action="registerscript.php" method="POST">
            Email: <input type="text" name="username"/><br />
            Password: <input type="password" name="pass"/><br />
            First Name: <input type="text" name="fname"/><br />
            Last Name: <input type="text" name="lname"/><br />
            Address 1: <input type="text" name="add1"/><br />
            Address 2: <input type="text" name="add2"/><br />
            Postcode: <input type="text" name="pcode"/><br />
            Telephone: <input type="text" name="phone"/><br />
            <button id="submit">Register</button>
            </form>

            <div id="ack"></div>
        </fieldset>
    </div>
    </div>
</body>
</html>

PHP File 

<?php
  include('db.php');

  $email = mysql_real_escape_string( $_POST["username"] );
  $pass = mysql_real_escape_string( md5($_POST["pass"]) );
  $firstname = mysql_real_escape_string( $_POST["fname"] );
  $surname = mysql_real_escape_string( $_POST["lname"] );
  $add1 = mysql_real_escape_string( $_POST["add1"] );
  $add2 = mysql_real_escape_string( $_POST["add2"] );
  $pcode = mysql_real_escape_string( $_POST["pcode"] );
  $phone = mysql_real_escape_string( $_POST["phone"] );

  if( empty($email) || empty($pass) )
  {
    echo "Email and Password are Mandatory";
    exit();
  }




$res = mysql_query("SELECT email FROM members WHERE email='$email'");
      $row = mysql_fetch_row($res);


  if( $row > 0 )
    echo "The Email $email has already been taken. Click Forgot Password to Retrieve";

  else
  {
      $sql = "INSERT INTO members (memberid, firstname, surname, address1, address2, postcode, telephone, email, password) VALUES (
                                       '',
                                       '$firstname', 
                                       '$surname', 
                                       '$add1', 
                                       '$add2', 
                                       '$pcode', 
                                       '$phone', 
                                       '$email'
                                       '$pass')";
   if( mysql_query($sql) )
     echo "Registration Successfull";
   else
     echo "An Error Occured Please Try Again";
}

?>

Improve this question
4
  • 1
    md5 on password, may as well not bother and store it as plain text (stackoverflow.com/questions/401656/…) Commented Feb 4, 2014 at 19:23
  • 1
    remove memberid from $sql = insert into ... this is probably auto_increment type Commented Feb 4, 2014 at 19:28
  • 2
    GOT IT SORTED THANK YOU @Mr.Radical i think that got it and shankar damodarans help too Commented Feb 4, 2014 at 19:35
  • $res = mysql_query("SELECT email FROM members WHERE email='".$email."'"); Commented Feb 4, 2014 at 19:35

3 Answers 3

Reset to default
2

You missed a comma here

                                       '$phone', 
                                       '$email', //<-------------- Here
                                       '$pass')";
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yeah i fixed that still no better :(. if anyone sees anything please say i really am lost.
1

Remove memberid from $sql = insert into ... this is probably an auto_increment type value in your mysql database.

BTW you are better off using mysqli or pdo instead of using mysql_. And with prepared statements you would limit the risk for SQL injection.

Improve this answer

Comments

0

Add the following to find MySQL Error:

else
     echo "An Error Occured Please Try Again";
     echo mysql_errno($res) . mysql_error($res);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.