Unable to insert data in Database using PHP.. below is my PHP code with Html. Thanks

ssandeep · August 7, 2014, 2:54am

<html>
<head>
<title> Registration form </title>
<style>
button{
font-family:verdana;
font-size:18px;
margin-left:50px;
height: 35px;
border-radius: 16px;
width:230px
}
</style>
</head>
<body bgcolor=“#f2bb66” text=“maroon”>
<form action=“singup.php” method=“post” name=“form1”>
<table align=“center” border=“3”>
<tr><td colspan=‘5’>
<h1 align=“center” > Registration Form </h1></td></tr>
<tr><td>Name:</td>
<td><input type=“text” name=“name” autofocus></td></tr>
<br>
<tr><td>UserName:</td>
<td><input type=“text” name=“username”/></td>
</tr>
<br>
<tr>
<td>Password:</td>
<td><input type=“Password” name=“password”/></td>
</tr>
<br>
<tr><td>Gender:</td>
<td><input type=“radio” name=“gender” value=“Male”/> Male
<input type=“radio” name=“gender” value=“Female”/> Female <br/></td>
</tr>
<br>
<tr><td>Date of Birth:</td>
<td><input type=“date” value=“0000-00-00;” name=“dob”></td>
</tr>
<tr><td>Address:</td>
<td><textarea name=“address” rows=2" cols=“17” name=“address”> </textarea></td>
</tr>
<tr><td>City:</td>
<td><input type=“text” name=“city”> </td>
<br>
<tr><td>Country:</td>
<td><input type=“text” name=“country”></td>
</tr>
<tr><td>Phone number:</td>
<td> <input type=“text” name=“phone”/><br/></td>
</tr>
<br>
<tr><td>Email Address:</td>
<td> <input type=“text” name=“email”/> <br/></td><tr>
<br>
<tr><td colspan=‘5’><p><button> Register</button></p></td><tr>
</table>
</form>
</body>
</html>
<?php
$name=$_POST[‘name’];
$username=$_POST[‘username’];
$password=$_POST[‘password’];
$gender=$_POST[‘gender’];
$dob=$_POST[‘dob’];
$address=$_POST[‘address’];
$city=$_POST[‘city’];
$country=$_POST[‘country’];
$phone=$_POST[‘phone’];
$email=$_POST[‘email’];
$con=mysql_connect(“localhost”, “root”, “tiger”);
if(! $con )
{
die('Could not connect: ’ . mysql_error());
}

mysql_select_db(“registration”,$con);
$sql=“INSERT INTO users VALUES (‘Null’, ‘$name’, ‘$username’, ‘$password’, ‘$gender’, ‘$dob’, ‘$address’, ‘$city’,‘$country’ ‘$phone’, ‘$email’)”;
$retval = mysql_query($sql,$con);
if(! $retval )
{
die('Could not enter data: ’ . mysql_error());
}
echo "Entered data successfully
";
?>

arout77 · August 7, 2014, 3:46am

It looks like you have a typo: form action=“singup.php”

I assume it is supposed to be signup.php, not singup.php? That will explain the problem if so.

SpacePhoenix · August 7, 2014, 6:36am

Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.

oluwa · August 9, 2014, 3:16pm

how about sanitizing the user input? Any help on it?

SpacePhoenix · August 10, 2014, 6:04am

There’s a few options for sanitizing:

filter_var() This has a number of filter options which can be applied to variables.
The “is” functions (is_bool, is_float, is_integer, is_null, is_numeric, is_string)
isset() determines if the user has submitted anything
strlen() Gets the length of a string, does the length of the string fall within the range that you expect