输入的表单数据未保存在mysql db中？

Question

Here is my code which is not working properly

 <?php
 include('admin/class.php');

Here is my db connection:

 $hostname="localhost";
 $username="root";
 $password="";
 $dbhandle = mysql_connect($hostname, $username, $password)
 or die("Unable to connect to MySQL");
 echo "Connected to MySQL<br>"; 
 $se = mysql_select_db("timesheet1234",$dbhandle)
   or die("Could not select timesheet1234");
 echo "connected to db";

Here am doing the functionality after clicking the button:

 if(isset($_POST['save']))
 {  
 $sel=@$_POST['selpro'];
 $mon=@$_POST['mon'];
 $tue=@$_POST['tue'];
 $wed=@$_POST['wed'];
 $thu=@$_POST['thu'];
 $fri=@$_POST['fri'];
 $sat=@$_POST['sat'];
 $sun=@$_POST['sun'];

Here am writing the query functionality

 if(isset($_SESSION['user']))
 {
 echo "session user";
 $sql="UPDATE empdaytimesheet SET 
`project code`='$sel',`mon`='$mon',`tue`='$tue',`wed`='$wed',`thu`='$thu',`
 fri`='$fri',`sat`='$sat',`sun`='$sun' where `username`='".$_SESSION['user']."'";

 $res=mysql_query($sql,$dbhandle);

Here is the problem where it is not working:

    if($res){
         echo "<script type='text/javascript'>";
         echo "alert('TimeSheet Saved..!')";
         echo "</script>";
         echo "<script type='text/javascript'>";
         echo "window.location='my_timesheet.php'";
         echo "</script>";
      }
      else
      {
         echo "<script type='text/javascript'>";
         echo "alert('Some Error Occured ! Retry..!')";
         echo "</script>";
         echo "<script type='text/javascript'>";
         echo "window.location='my_timesheet.php'";
         echo "</script>";
      }
    }
  }
?>

Answer 1

Remove the '@' before $_POST and you should be fine.

However, your current script looks like it's vulnerable to SQLi.

And you are also using a deprecated extension. You should consider using MySQLi or PDO instead.

Check this answer on more information on how to make your code more secure.