www.webdeveloper.com
Results 1 to 5 of 5

Thread: Insert into a database table

  1. #1
    Join Date
    Mar 2008
    Posts
    12

    Insert into a database table

    Being a new one in php I am trying to learn simple login example from the video from "TheProgrammingSchool.com" but this code to insert data in the table named "user_info" in the database "users" is not working. But in his video it seems it is working, may be I am doing something wrong. can anyone looked into the code below.
    "user_info" table consists of "user_id","username","password" and "email. Here is the code
    Code:
    <?php
    mysql_connect('localhost','root','');
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title> USERS LOGIN SYSTEM</title>
    </head>
    
    <body>
    
    <?php 
    
    if(!isset($_POST['submit'])) {
    ?>
            <form action="index.php" method="post">
            <table border="1">
            <tr>
            <td>Username</td><td><input type="text" name="username"></td>
            </tr>
            <tr>
            <td>Password</td><td><input type="password" name="password"></td>
            </tr>
            <tr>
            <td>Password Confirm</td><td><input type="password" name="passwordconf"></td>
            </tr>
            <tr>
            <td>Email</td><td><input type="text" name="email"></td>
            </tr>
            <tr>
            <td colspan="2" align="center">
            <input type="submit" value="CreateUser" name="submit"></td>
            </tr>
            </table>
            </form>
    <?php
       }
       else {
          $username=$_POST['username'];
          $password = $_POST['password'];
          $passwordconf = $_POST['passwordconf'];
          $email = $_POST['email'];
          $errors = array();
          if(!$username) {
          $errors[1] = "You have not entered your username.";}
          if(!$password) {
          $errors[2] = "You have not entered your password.";}
          if(!$passwordconf) {
          $errors[3] = "You have not enetered your password confirmation.";}
          if($password !=$passwordconf) {
          $errors[4] = "You password and password confirmation mismatched.";}
          if(!$email) {
          $errors[5] = "You have not enetered your email.";
       }
       
          if( count($errors)>0) {
          foreach($errors as $error){
          echo "$error<br>";
       }
       }
       
       else{
          
          mysql_query("INSERT INTO 'users'.'user_info'
          
          ('username','password','email')
          
          VALUES('".$username."', '".md5($password)."','".$email."');");
           
           }
    }
    
    ?>
    </body>
    </html>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,616
    Before diving into the code, have you in fact created the necessary database and tables for this?

    Secondly, add some debugging stuff to have PHP tell you everything it knows, plus let's make sure you're really connecting:
    PHP Code:
    <?php
    ini_set
    ('display_errors'true);
    error_reporting(E_ALL);

    if(
    mysql_connect('localhost''root''') == false) {
        die(
    "DB connx error: ".mysql_error());
    }

    // rest of code
    ?>
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Mar 2008
    Posts
    12
    I have created database named "users" and one table for this database named "user_info". Is the rest of the code ok. I will follow your instruction as well. Thanks for the reply.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,616
    Here's one problem:
    PHP Code:
       else{
          
          
    mysql_query("INSERT INTO 'users'.'user_info'
          
          ('username','password','email')
          
          VALUES('"
    .$username."', '".md5($password)."','".$email."');");
           
           }

    In MySQL the character for quoting table/column names is the left quote or back-tick: `
    You have a 'normal' quote around them: '
    That 'normal' (or straight) quote is only for literal character values, such as you have around the variables in the VALUES() clause.

    On a side note, you are inserting the $username and $email values without any sort of escaping, leaving your script open to SQL injection. (The md5() of the password should take care of any issues in that case, though you really should be using at least sha1() with a "salt" for better security.) So....
    PHP Code:
    else{
          
    $sql sprintf(
                
    "INSERT INTO `users`.`user_info`
                (`username`,`password`,`email`)
                VALUES('%s', '%s', '%s'"
    ,
                
    mysql_real_escape_string($username),
                
    md5($password),
                
    mysql_real_escape_string($email)
          );
          if(
    mysql_query($sql) == false) {
                
    $error "Query failed: ".mysql_error().PHP_EOL.$sql;
                if(
    ini_get('display_errors')) {
                      die(
    $error);
                }
                else {
                      
    error_log($error);
                      die(
    "Sorry, an unexpected database error occurred and has been logged.");
                }
          }

    And while we're at it, the MySQL extension is now officially deprecate in the latest PHP release, so you really should be moving on to either the MySQLi extension, or even the PDO extension (preferably getting all object-oriented with them and making use of prepared statements to take care of SQL injection issues. )
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Mar 2008
    Posts
    12
    Thanks for the information and I am really thankful to you for this valuable advise. However at present I could not insert the data in the table "user_info"( having four place naming "user_id", "username", "password", "email" ) in the database "users". Can you test this and check why the data from the form is not inserted into the table (user_info).
    Thanks for the reply.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles