SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    Dec 2012
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    My Form Isn't Updating My MySQL Database Table

    So I started an PHP login system, and the login works, but when I try to make a registration form, it just won't work. I have a database table named members, and it has three columns, named id, username, and password. The HTML is this.

    HTML Code:
    <form name="form2" method="POST" action="checkregister.php" id="registerform">
        <fieldset>
        	<legend>Register</legend>
            <label for="newusername">Username:</label>
            <input type="text" name="newusername" id="newusername" class="textinput" /><br/>
            <label for="newpassword">Password:</label>
            <input type="text" name="newpassword" id="newpassword" class="textinput" /><br/>
            <input type="submit" name="Submit" value="Register" />
        </fieldset>
    </form>
    And then my PHP script goes like this. My database info is also correct.

    PHP Code:
    <?php
    // Connect to server and select databse.
    mysql_connect("$host""$username""$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $newusername and $newpassword 
    $newusername=$_POST['newusername']; 
    $newpassword=$_POST['newpassword']; 
    mysql_query("INSERT INTO members(id, username, password) VALUES(' ', $newusername', '$newpassword')"); 
    Print 
    "Registration Completed"
    ?>
    Any help would be appreciated, thank you!

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,804
    Mentioned
    157 Post(s)
    Tagged
    3 Thread(s)
    hi, you are missing a ' before $newusername in your query string.

    Echo out a mysql error message to give you a clue as to what is happening.
    eg
    PHP Code:

    mysql_query
    ("INSERT INTO members(id, username, password) VALUES(' ', $newusername', '$newpassword')") or die(mysql_error()); 
    Also as a piece of advice, please look at SQL Injection as your query is using USER SUBMITTED input directly into your database query.
    This could easily lead you into difficulties in the future as a hacker would have direct access to manipulate your database.

    Specifically look at mysql_real_escape_string().

    If youare just starting out with mysql, look at using PDO instead: http://php.net/pdo

    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    SitePoint Member
    Join Date
    Dec 2012
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spikeZ View Post
    hi, you are missing a ' before $newusername in your query string.

    Echo out a mysql error message to give you a clue as to what is happening.
    eg
    PHP Code:

    mysql_query
    ("INSERT INTO members(id, username, password) VALUES(' ', $newusername', '$newpassword')") or die(mysql_error()); 
    Also as a piece of advice, please look at SQL Injection as your query is using USER SUBMITTED input directly into your database query.
    This could easily lead you into difficulties in the future as a hacker would have direct access to manipulate your database.

    Specifically look at mysql_real_escape_string().

    If youare just starting out with mysql, look at using PDO instead: http://php.net/pdo

    Ah, thank you so much! I am just starting out with MySQL, so thanks for the tips, it works now.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •