Mysql query problem

cools_sonu · January 21, 2010, 3:15pm

<?php 
echo "<h1 align='center'>Register</h1>";

$submit = isset($_POST['submit']);

if ($submit){
	$fullname = strip_tags($_POST['fullname']);
	$username = strip_tags($_POST['username']);
	$password = strip_tags($_POST['password']);
	$cpassword = strip_tags($_POST['cpassword']);
	

//Step one Check for existance
	if ($fullname && $username && $password && $cpassword) {
		
		//Step two Password Matching
		if ($password == $cpassword) {
			
			//Step three Checking of character lenghts of the variables
			if (strlen($username)>25 || strlen($fullname)>25) {
				echo "Max limit for username or fullname are 25 characters";
			} else {
				if (strlen($password)>25 || strlen($password)<6){
				echo "Password must be in between 6 to 25 characters";
			} else {
				//Registration Process
				
				//Step four Encryption of password into hash value for security reason.
				$password = md5($password);
		
				//Step Five Connect and select the database.
					// Step 5.1 Connect the database
					$connect = mysql_connect("localhost", "root", "");
					//Step 5.2 Select the Database
					mysql_select_db("learning", $connect);
				
				//Step 6 Query the database and inster the data into the databse.
					//Step 6.1 Query the database
					$querry	="INSERT INTO users (name, username, password) 
										VALUES ('{$fullname}', '{$username}, '{$password}')";						
													
					mysql_query($querry, $connect);
					
					die("Congratulation! You have been registered. <br ><a href='index.php'>Click here</a> to return to login page. Thank you!");
				
			} //End of "else {//Registration Process"
			}
		}//End of if ($password == $cpassword) {
		else {
			echo "Your password fields do not match, please try again";
		}		
	}//End of if ($fullname && $username && $password && $cpassword) {
	else { 
		echo "Please fill in all the fields";
	}
}// End of if ($submit){

?>

<html>
<body>
<form action="register.php" method="post">
	<table>
    	<tr>
        	<td>
            	Your Full Name:    
            </td>
            <td>
            	<input type="text" name="fullname">
            </td>
        </tr>
        <tr>
        	<td>
            	Choose Username:    
            </td>
            <td>
            	<input type="text" name="username">
            </td>
        </tr>
        <tr>
        	<td>
            	Choose Password:    
            </td>
            <td>
            	<input type="password" name="password">
            </td>
        </tr>
        <tr>
        	<td>
            	Confirm Password:    
            </td>
            <td>
            	<input type="password" name="cpassword">
            </td>
        </tr>
  </table>
<div>
  <input type="submit" name="submit" value="Proceed in!" />
</div>

</form>
</body>
</html>

I’m unable to insert any data into mysql database, and I’m not able to figure out any problem neither this is showing any error message. I’m stuck, not able to login in with my new registered ids, as in the time of login in says no such user exists. So in all this scipt is unable to insert any data into the database.

CreedFeed · January 21, 2010, 3:19pm

Try changing your connect and query statements like this to see errors:


$connect = mysql_connect("localhost", "root", "") or die('Connect failed: ' . mysql_error());
...
...
mysql_query($querry, $connect) or die('Query failed: ' . mysql_error());

cools_sonu · January 21, 2010, 3:39pm

Thanx buddy

it was really a very silly and funny mistake… haha

But it took my 1 hr too and still I was not able to solve it… u are the savior. It was just a very minor mistake.

system · January 21, 2010, 5:16pm

Consider sanitizing form input, or you’ll be in danger of sql injection.
for mysql functions you’re using it will be mysql_real_escape_string() function that must be applied to every literal going to database.

But it took my 1 hr too and still I was not able to solve it… u are the savior. It was just a very minor mistake.

With proper error reporting you’ll spot it in a second.
error_reporting(E_ALL) is the least acceptable level

SpacePhoenix · January 21, 2010, 5:37pm

cools_sonu, have a read of this, it explains what sql injection is and a number of of other security related things.

rajeevbharti · January 22, 2010, 11:34am

hi friend you are used wrong syntax on this line
$querry ="INSERT INTO users (name, username, password)

                                    VALUES ('{$fullname}', '{$username}, '{$password}')"

use like this

$querry =“INSERT INTO users (name, username, password) VALUES (‘$fullname’, '$username, ‘$password’)”;

dont use {} in value field.

system · January 22, 2010, 11:49am

These braces unnecessary here, but not a wrong syntax. They belongs to PHP syntax, not SQL and will be replaced with actual variable content.

SpacePhoenix · January 22, 2010, 8:11pm

After the line:

 $querry    ="INSERT INTO users (name, username, password)  
                                        VALUES ('{$fullname}', '{$username}, '{$password}')";

add this line:

echo $querry;

Does the echoed query contain the values that your are expecting?

Topic		Replies	Views
User Login Registration PHP	25	4166	September 13, 2010
Having trouble with function PHP	6	677	October 8, 2014
Register Form. Why the function mysql_query($query); retuns FALSE? PHP	5	3025	October 8, 2014
Checking if username is already taken Databases	30	20370	October 8, 2014
Data not going into mySQL db PHP	2	666	July 25, 2016

Mysql query problem

Related topics