hi all - can anyone help with the following -
I am unable to upload any data to my database -
I can connect successfully as i have changed the password, database name and got the error's i was expecting.

but for some reason, the data just doesn't seem to want to get to my database...???/

Any pointers would be very helpful,

<?
include('autoconfig.php');

$tbl_name=temp_members_db;

// Random confirmation code 
$confirm_code=md5(uniqid(rand())); 

// values sent from form 
$name=$_POST['name'];
$email=$_POST['email'];
$password=$_POST['password'];
$country=$_POST['country'];
$city=$_POST['city'];
$mobnum=$_POST['mobnum'];
$mobnet=$_POST['mobnet'];
$mobpro=$_POST['mobpro'];
$atype=$_POST['atype'];
$datetime=date('l jS F Y h:i:s'); //create date time
$uipa = $_SERVER["REMOTE_ADDR"];
$ref = $_SERVER['HTTP_REFERER'];
$browser = $_SERVER['HTTP_USER_AGENT'];

// Insert data into database 
$sql= "INSERT INTO $tbl_name(confirm_code, name, email, password, country, city, mobnum, mobnet, mobpro, automotive, datetime, uipa, ref, browser)VALUES('$confirm_code', '$name', '$email', '$password', '$country', '$city', '$mobnum', '$mobnet', '$mobpro', '$atype', '$datetime', '$uipa', '$ref', '$browser')";
$result=mysql_query($sql);
$name=mysql_real_escape_string($_POST['name']);
$email=mysql_real_escape_string($_POST['email']);
$password=mysql_real_escape_string($_POST['password']);
$country=mysql_real_escape_string($_POST['country']);
$city=mysql_real_escape_string($_POST['city']);
$mobnum=mysql_real_escape_string($_POST['mobnum']);
$mobnet=mysql_real_escape_string($_POST['mobnet']);
$mobpro=mysql_real_escape_string($_POST['mobpro']);
$atype=mysql_real_escape_string($_POST['atype']);
$datetime=date('l jS F Y h:i:s'); //create date time
$uipa = $_SERVER["REMOTE_ADDR"];
$ref =mysql_real_escape_string( $_SERVER['HTTP_REFERER']);
$browser = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']);

// Insert data into database 
$sql= "INSERT INTO $tbl_name(confirm_code, name, email, password, country, city, mobnum, mobnet, mobpro, automotive, datetime, uipa, ref, browser)VALUES('$confirm_code', '$name', '$email', '$password', '$country', '$city', '$mobnum', '$mobnet', '$mobpro', '$atype', '$datetime', '$uipa', '$ref', '$browser')";
$result=mysql_query($sql)or die ("Insert failed : ".mysql_error());;

try something like this.

$name=mysql_real_escape_string($_POST['name']);
$email=mysql_real_escape_string($_POST['email']);
$password=mysql_real_escape_string($_POST['password']);
$country=mysql_real_escape_string($_POST['country']);
$city=mysql_real_escape_string($_POST['city']);
$mobnum=mysql_real_escape_string($_POST['mobnum']);
$mobnet=mysql_real_escape_string($_POST['mobnet']);
$mobpro=mysql_real_escape_string($_POST['mobpro']);
$atype=mysql_real_escape_string($_POST['atype']);
$datetime=date('l jS F Y h:i:s'); //create date time
$uipa = $_SERVER["REMOTE_ADDR"];
$ref =mysql_real_escape_string( $_SERVER['HTTP_REFERER']);
$browser = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']);

// Insert data into database 
$sql= "INSERT INTO $tbl_name(confirm_code, name, email, password, country, city, mobnum, mobnet, mobpro, automotive, datetime, uipa, ref, browser)VALUES('$confirm_code', '$name', '$email', '$password', '$country', '$city', '$mobnum', '$mobnet', '$mobpro', '$atype', '$datetime', '$uipa', '$ref', '$browser')";
$result=mysql_query($sql)or die ("Insert failed : ".mysql_error());;

try something like this.

Excellent, Many thanks - I'm looking forward to understanding more.

Just a quick question. ? please

Am i right in saying that this will help against all sql injection attacks ??

sorry if this is a daft question but I am still learning,

Many thanks again for your input....

This question has already been answered. Start a new discussion instead.