Okay so I set up a registration form and everything goes well when registering but when I go and check in MySQL database the row is created but only the id field is filled not the First Name, Second Name, Email and Password.

Here's the .PHP for processing the registration :

mysql_select_db("mlsconnection_99k_dbusers", $con);

$sql="INSERT INTO Persons (FirstName, LastName, Email, Password)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[Email]','$_POST[Password]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "User created, Thanks for Registrating";

mysql_close($con)
?>

Recommended Answers

ALLWAYS use mysql_real_escape_string()
or you will be hacked read http://www.php.net/manual/en/security.database.sql-injection.php

mysql_select_db("mlsconnection_99k_dbusers", $con);

$sql="INSERT …
Jump to Post

refering to array's in a string doesn't work

sql= "bla $_POST[lastname] bla";

wrong (bla bla)

sql= "$lastname"

ok

sql= "bla ".$_POST[lastname]."bla";

also ok

Jump to Post

All 7 Replies

ALLWAYS use mysql_real_escape_string()
or you will be hacked read http://www.php.net/manual/en/security.database.sql-injection.php

mysql_select_db("mlsconnection_99k_dbusers", $con);

$sql="INSERT INTO Persons (FirstName, LastName, Email, Password)
VALUES
(".mysql_real_escape_string($_POST[firstname])."','".mysql_real_escape_string($_POST[lastname])."','".mysql_real_escape_string($_POST[Email])."','".mysql_real_escape_string($_POST[Password])."')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "User created, Thanks for Registrating";

mysql_close($con)

Thanks for the help =)

Got any idea why doesn't the form fill the rows?

refering to array's in a string doesn't work

sql= "bla $_POST[lastname] bla";

wrong (bla bla)

sql= "$lastname"

ok

sql= "bla ".$_POST[lastname]."bla";

also ok

Don't understand you xD how should the code look like? what should I change? :)

the code i posed shoud work
(didn't test)

It gave an error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','','','')' at line 3

you must use

$_POST['lastname']

not

$_POST[lastname]

sorry i didn't seed that

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.