php doesnt work

Question

sarah49 0 Newbie Poster

12 Years Ago

hi everyone. I have just started to program in php. I tried to develop a php code to retrieve data from a form and insert into a table created in Mysql. Here is my php code. This code gets executed when the user submits the form.

<html>
<body>
<?php
 $con = mysql_connect("localhost","####","####");
 if(!$con){
  die('Could not connect:  '.mysql_error());}

 mysql_select_db("wb", $con);

 $sql="INSERT INTO users (username,password,mail,address,phone) VALUES  ('$_POST[username]','$_POST[pwd]','$_POST[mail]','$_POST[Address]','$_POST[Phone]')";

 if(!mysql_query($sql,$con)){
   die('Error:  '.mysql_error());}
echo "Successfully Registered!";
mysql_close($con);
?>
</body>
</html>

I neither get "Successfully registered" message nor the data gets inserted into the table. My page is blank after i press the submit button. What is wrong with the code??

php

5 Contributors
5 Replies
230 Views
7 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by broj1

jwer 0 Newbie Poster

12 Years Ago

I suspect you should quote the index values of the $_POST's, like this:

('$_POST["username"]','$_POST["pwd"]','$_POST["mail"]','$_POST["Address"]','$_POST["Phone"]

broj1 356 Humble servant

12 Years Ago

Also while developing scripts it is useful to have error reporting switched on so instead of a blank screen you get some useful information. You can do this either in your script (each of them):

ini_set('display_errors',1); 
error_reporting(E_ALL);

or in the php.ini file if you have access to it:

error_reporting = E_ALL

Other options are in the manual:

http://php.net/manual/en/function.error-reporting.php

Once your scripts go to production turn error reporting off and log errors in a log file.

Edited 12 Years Ago by broj1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

velizar.velkov 0 Newbie Poster · Answer 1 · 2012-09-20T07:48:31+00:00

I do believe your parametres should be $_POST["username"] instead of $_POST[username]?

ome2012 2 Junior Poster in Training · Answer 2 · 2012-09-20T14:07:51+00:00

$sql="INSERT INTO users (username,password,mail,address,phone) VALUES ('$_POST[username]','$_POST[pwd]','$_POST[mail]','$_POST[Address]','$_POST[Phone]')";

i think you have problem with this code...... try to check syntax of your VALUES....

broj1 356 Humble servant Featured Poster · Answer 3 · 2012-09-20T15:00:54+00:00

A note on security in web apps:

You never stick request variables directly to your database! You always first sanitize them. You expect user to enter their username in the username field but they might enter evil SQL code instead which will go directly to your query and potentialy do a lot of damage to the data in the database. Google for SQL injection attack to learn more.

The proper way wuld be at least escaping values of $_POST (or $_GET or $_COOKIE...) using MySql mysql_real_escape_string() function to render possible entered quotes and the like useless:

$username = mysql_real_escape_string($_POST[username]);
$pwd = mysql_real_escape_string($_POST[pwd]);
$mail = mysql_real_escape_string($_POST[mail]);
$Address = mysql_real_escape_string($_POST[Address]);
$Phone = mysql_real_escape_string($_POST[Phone]);

// query now uses escaped values and is also more readable
$sql="INSERT INTO users (username,password,mail,address,phone) VALUES ('$username','$pwd','$mail','$Address','Phone')";

http://www.w3schools.com/php/func_mysql_real_escape_string.asp

Another way is using prepared statements:

http://blog.ulf-wendel.de/2011/using-mysql-prepared-statements-with-php-mysqli/

Hmm, at the moment PHP.net server does not work so I cant paste links to there. Anyway, have look at it too, it is wealth of information.