We're a community of 1077K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,076,011 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: IT HelpDesk & Customer Support Software
8 Months Ago
0

php doesnt work

hi everyone. I have just started to program in php. I tried to develop a php code to retrieve data from a form and insert into a table created in Mysql. Here is my php code. This code gets executed when the user submits the form.

<html>
<body>
<?php
 $con = mysql_connect("localhost","####","####");
 if(!$con){
  die('Could not connect:  '.mysql_error());}

 mysql_select_db("wb", $con);

 $sql="INSERT INTO users (username,password,mail,address,phone) VALUES  ('$_POST[username]','$_POST[pwd]','$_POST[mail]','$_POST[Address]','$_POST[Phone]')";

 if(!mysql_query($sql,$con)){
   die('Error:  '.mysql_error());}
echo "Successfully Registered!";
mysql_close($con);
?>
</body>
</html>

I neither get "Successfully registered" message nor the data gets inserted into the table. My page is blank after i press the submit button. What is wrong with the code??

5
Contributors
5
Replies
7 Hours
Discussion Span
8 Months Ago
Last Updated
6
Views
sarah49
Newbie Poster
2 posts since Jan 2012
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
8 Months Ago
0

I do believe your parametres should be $_POST["username"] instead of $_POST[username]?

velizar.velkov
Newbie Poster
2 posts since Sep 2012
Reputation Points: 0
Solved Threads: 0
Skill Endorsements: 0
8 Months Ago
0

I suspect you should quote the index values of the $_POST's, like this:

('$_POST["username"]','$_POST["pwd"]','$_POST["mail"]','$_POST["Address"]','$_POST["Phone"]

jwer
Newbie Poster
5 posts since Aug 2012
Reputation Points: 0
Solved Threads: 1
Skill Endorsements: 0
8 Months Ago
0

Also while developing scripts it is useful to have error reporting switched on so instead of a blank screen you get some useful information. You can do this either in your script (each of them):

ini_set('display_errors',1); 
error_reporting(E_ALL);

or in the php.ini file if you have access to it:

error_reporting = E_ALL

Other options are in the manual:

http://php.net/manual/en/function.error-reporting.php

Once your scripts go to production turn error reporting off and log errors in a log file.

broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13
8 Months Ago
0

$sql="INSERT INTO users (username,password,mail,address,phone) VALUES ('$_POST[username]','$_POST[pwd]','$_POST[mail]','$_POST[Address]','$_POST[Phone]')";

i think you have problem with this code...... try to check syntax of your VALUES....

ome2012
Junior Poster in Training
57 posts since Sep 2012
Reputation Points: 2
Solved Threads: 16
Skill Endorsements: 1
8 Months Ago
0

A note on security in web apps:

You never stick request variables directly to your database! You always first sanitize them. You expect user to enter their username in the username field but they might enter evil SQL code instead which will go directly to your query and potentialy do a lot of damage to the data in the database. Google for SQL injection attack to learn more.

The proper way wuld be at least escaping values of $_POST (or $_GET or $_COOKIE...) using MySql mysql_real_escape_string() function to render possible entered quotes and the like useless:

$username = mysql_real_escape_string($_POST[username]);
$pwd = mysql_real_escape_string($_POST[pwd]);
$mail = mysql_real_escape_string($_POST[mail]);
$Address = mysql_real_escape_string($_POST[Address]);
$Phone = mysql_real_escape_string($_POST[Phone]);

// query now uses escaped values and is also more readable
$sql="INSERT INTO users (username,password,mail,address,phone) VALUES ('$username','$pwd','$mail','$Address','Phone')";

http://www.w3schools.com/php/func_mysql_real_escape_string.asp

Another way is using prepared statements:

http://blog.ulf-wendel.de/2011/using-mysql-prepared-statements-with-php-mysqli/

Hmm, at the moment PHP.net server does not work so I cant paste links to there. Anyway, have look at it too, it is wealth of information.

broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13

This article has been dead for over three months: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Web Development > PHP
View similar articles that have also been tagged:
 
© 2013 DaniWeb® LLC
Page rendered in 0.0883 seconds using 2.74MB