This is my index.php page:

<html>
<body>

<form action="action.php" method="post">
Username: <input type="text" name"username"><br />
Password: <input type="password" name="password">
<input type="submit" name="submit" />
</form>

</body>
</html>

This is my action.php page:

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("users", $con);

mysql_query("INSERT INTO userlogin (username, password)
VALUES ('username', 'password')");

mysql_close($con);
?>

Here's the problem:

Everytime the users clicks submit the action.php page insert username and password into my table instead of the username and password the user types in. It just put username under the colum username and password under the column password!

I don't understand what I did wrong!

Member Avatar

@ddanielsmith

What's wrong with my script?

On your Form your <input type> should be text not passowrd.

Password: <input type="text" name="password">

Change you INSERT statement from this:

mysql_query("INSERT INTO userlogin (username, password) VALUES ('username', 'password')");

To this:

mysql_query("INSERT INTO userlogin (username, password) VALUES ('$username', '$password)')") or die (mysql_error());

On your Form your <input type> should be text not passowrd.

Just a small correction: type can also be password ( http://www.w3.org/TR/html5/the-input-element.html#attr-input-type & http://www.w3.org/TR/html401/interact/forms.html#input-control-types ), the only difference between text and password is the masquerading in the client side, while on the server side you get the same string. Bye.

commented: Didn't know that! Nice to know! +5