user info is not being saved into my database

Question

okay so i'm having a problem with my database. I'm trying to create a registration page, and everything works with no problem. I'm using xampp phpmyadmin, and everytime I hit the registration button after entering some info, nothing comes up in my database.

<?php
session_start();

$db = mysqli_connect("localhost", "root", "", "saver",);


if (isset($_POST[ 'register_btn'])) {
session_start();
$username = mysql_real_escape_string($db,$POST['username']);
$email = mysql_real_escape_string($db,$POST['email']);
$password = mysql_real_escape_string($db,$POST['password']);
$password2 = mysql_real_escape_string($db,$POST['password2']);

if ($password == $password2) {
//create user
$password = md5($password); //hashes password before entering into database
$sql = "INSERT INTO users(username, email, password) VALUES('$username',     $email', $password,)"; 
mysqli_query($db, $sql);
$_SESSION['message'] = "You are now logged in";
$_SESSION['username'] = $username;
header("location: home.php"); // Redirect to home page
}else{
$_SESSION['message'] = "The two passwords do not match";
    }
}
?>

<html> 
<head>
<title> Submission form </title>
</head>

<body>
<form method="post" action="saver.php">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" class="textInput">
</tr>

<tr>
<td>Email:</td>
<td><input type="email" name="email" class="textInput">
</tr>

<tr>
<td>Password:</td>
<td><input type="password" name="password" class="textInput">
</tr>

<tr>
<td>Password again:</td>
<td><input type="password" name="password2" class="textInput">
</tr>

<tr>
<td></td>
<td><input type="submit" name="register_btn" value="Register">
</tr>
</table>
</form>
</body>
</html>

Answer 1

You can discover and solve all of the issues you are having by TURNING ON AND READING PHP ERROR LOGGING. Read How to do that .

Your problem is in these lines:

$db = mysqli_connect("localhost", "root", "", "saver",);

and

$username = mysql_real_escape_string($db,$POST['username']);

firstly, your $db has a left over comma at the end, remove it. This is causing a probably fatal PHP error you should be picking up with your error reporting .

Secondly, the $db object is a MySQLi identifier, NOT a MySQL identifier, but you've passed it to a MySQL_ function. Therefore the script will either cease on an error or the database will insert empty values. This is why you're not getting anything saved.

Also (as noted by Luke) the MySQL_ functions have an inverted argument order, so you probably simply forgot to add the i to the function name!

You have also not properly encased your values in MySQL -- each value will need to be wrapped in single quotes such as you have done with '$username' you need to do the same thing with $email and $arseword .

And you also need to remove the trailing commas from your MySQL VALUES collection too...

A few extra notes:

• You're using both mysqli_ and mysql_ functions in you code. You should only be using MySQLi_ functions.
• You should seriously consider (as in; DO THIS!!! ) using Prepared Statements rather than procedural SQL.
• MD5 is absolutely not suitable for hashing passwords. Stop it. Use password_hash .
• header(Location:); relocation directives should be immediately followed by a script terminator such as exit; or die();
• session_start() should only be called once at the top of the script.
• Seriously, Use prepared statments. There are hundreds of good examples of them around.
• And you will save yourself (and many folks on SO) hundreds of hours of stress by using and reading and reacting to PHP Error Logging !

EDIT:
As clarified by Luke :

The actual problem is mysql_real_escape_string accepts only one parameter (ie mysql_real_escape_string($POST['username']);). It can be used regardless of MySQLi being in use or not, but it should of course be avoided for using prepared statements instead.

Answer 2

hey guys I found the problem. it was in the insert part. I had "users" in my editor, and I had "user_info" in my database. So I just changed "users", to "user_info". Thank you so much for your help guys. How can I give you credit?