My Form Isn't Updating My MySQL Database Table

Radecut · March 24, 2013, 2:50pm

So I started an PHP login system, and the login works, but when I try to make a registration form, it just won’t work. I have a database table named members, and it has three columns, named id, username, and password. The HTML is this.

<form name="form2" method="POST" action="checkregister.php" id="registerform">
    <fieldset>
    	<legend>Register</legend>
        <label for="newusername">Username:</label>
        <input type="text" name="newusername" id="newusername" class="textinput" /><br/>
        <label for="newpassword">Password:</label>
        <input type="text" name="newpassword" id="newpassword" class="textinput" /><br/>
        <input type="submit" name="Submit" value="Register" />
    </fieldset>
</form>

And then my PHP script goes like this. My database info is also correct.

<?php
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $newusername and $newpassword
$newusername=$_POST['newusername'];
$newpassword=$_POST['newpassword'];
mysql_query("INSERT INTO members(id, username, password) VALUES(' ', $newusername', '$newpassword')");
Print "Registration Completed";
?>

Any help would be appreciated, thank you!

SpikeZ · March 24, 2013, 3:35pm

hi, you are missing a ’ before $newusername in your query string.

Echo out a mysql error message to give you a clue as to what is happening.
eg



mysql_query("INSERT INTO members(id, username, password) VALUES(' ', $newusername', '$newpassword')") or die(mysql_error());

Also as a piece of advice, please look at SQL Injection as your query is using USER SUBMITTED input directly into your database query.
This could easily lead you into difficulties in the future as a hacker would have direct access to manipulate your database.

Specifically look at mysql_real_escape_string().

If youare just starting out with mysql, look at using PDO instead: http://php.net/pdo

Radecut · March 24, 2013, 4:04pm

spikeZ:

hi, you are missing a ’ before $newusername in your query string.

Echo out a mysql error message to give you a clue as to what is happening.
eg
mysql_query("INSERT INTO members(id, username, password) VALUES(' ', $newusername', '$newpassword')") or die(mysql_error());
Also as a piece of advice, please look at SQL Injection as your query is using USER SUBMITTED input directly into your database query.
This could easily lead you into difficulties in the future as a hacker would have direct access to manipulate your database.

Specifically look at mysql_real_escape_string().

If youare just starting out with mysql, look at using PDO instead: http://php.net/pdo

Ah, thank you so much! I am just starting out with MySQL, so thanks for the tips, it works now.