Error saving username to mysql table

HI guys. I need help. Am getting a weird error after inserting data to mysql table. The username appear as numbers instead of text. example in coloumn username am getting 34334354 instead of the actual username.

Hi kiiyanatz, welcome to the forum

What do the table schema, INSERT and SELECT look like?

here is my insert

		//Get the info from the add form
		$name = $_POST['idv_name'];
		$theAge = $_POST['idv_age'];
		$dob = $_POST['idv_dob'];
		$gender = $_POST['idv_gender'];
		$notes = $_POST['idv_notes'];
		$imageURL = $_POST['image_url'];
		//Getting the video file
        $video = $_FILES['idv_video']['name'];
        $idv_video_tmp = $_FILES['idv_video']['tmp_name'];
		//Getting the image
        $image = $_FILES['idv_image']['name'];
        $idv_image_tmp = $_FILES['idv_image']['tmp_name'];
		//add time to the current filename
		$name = basename($url);
		list($txt, $ext) = explode(".", $name);
		$name = $txt.time();
		$name = $name.".".$ext;
		//check if the files are only image / document
		if($ext == "jpg" or $ext == "png" or $ext == "gif" or $ext == "doc" or $ext == "docx" or $ext == "pdf"){
		//here is the actual code to get the file from the url and save it to the uploads folder
		//get the file from the url using file_get_contents and put it into the folder using file_put_contents
		$upload = file_put_contents("idv_images/$image",file_get_contents($imageURL));
		//check success
		if($upload) { 
		echo "Please upload only image/document files";

		//Add to database
		$query = "INSERT INTO db_idv (idv_name, idv_age, idv_dob, idv_image, idv_video, idv_gender, idv_notes) values ('$name', '$theAge', '$dob', '$image', '$video', '$gender', '$notes')";

		//Execute query

This post has been reformatted by enclosing the code block in 3 backticks
on their own lines.

Your insert isn’t even referencing that column.

Also did you leave out all of the field validations just for the purpose of simplifying the code we are looking at or does your code really allow your visitors to insert any junk they like into your database?

Also you are using antiquated mysql_ calls that have been deprecated for a long time and will no longer be supported by the next version of PHP - when do you intend to convert to mysqli_ or PDO (as everyone was advised to do several years ago when it was announced that the mysql_ interface was to be removed soon).

@kiiyanatz are you aware that the old mysql_* extension has been deprecated as of version 5.5 of PHP? When your working with the database and user submitted data you need to first sanitize the data that has been submitted by the user, for example take a username field, you should be checking:

  1. Has the user submitted any data for the field
  2. Is the submitted data within the size range that you expect for example you might want the username to be at least 8 characters but less then say 16 characters
  3. Is there any characters that you don’t allow been included in the username
  4. Has the user tried to inject any javascript?

One stage of the processing if its for example a registration script would be to check to see if a username has already been used and if it has, display an error to the user.

When sending the data to the database in a query you should use prepared statements which will prevent SQL injection attacks

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.