Why isn't this submitting to mysql?
Question
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="ureviewdu"; // Database name
$tbl_name="Student"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
/* Obliterate bad input */
$secUser = mysql_real_escape_string($_POST['reguser']);
$badpasses = $_POST['regpass'];
$salt = '~Z`!@#$%I^&*()_-+Q=}]{[\|"><';
$secPass = md5($badpasses.$salt);
$sql = "INSERT INTO Student (uname, pass, fname, lname, email, currGrade) VALUES('$secUser','$secPass','$_POST[regfirst]','$_POST[reglast]','$_POST[regemail]','$_POST[regclassrank]')";
$result = mysql_query($sql);
if ($result) {
echo "Thanks for signing up!";
} else {
echo "Failed.";
}
?>
HTML
<form action="inc/register/register.php" method="post" id="userRegistration">
<div class="cen"><h5>User Credentials</h5></div>
<div class="field required">
Username: <input type="text" name="reguser" tabindex="1" /><br />
</div>
<div class="field required">
Password: <input type="password" name="regpass" tabindex="2" /><br />
</div>
<div class="cen"><h5>User Details</h5></div>
<div class="field required">
First Name:<input type="text" name="regfirst" tabindex="3" /><br />
</div>
<div class="field required">
Last Name:<input type="text" name="reglast" tabindex="4" /><br />
</div>
<div class="field required">
Email:<input type="text" name="regemail" tabindex="5" /><br />
</div>
<div class="field required">
Current Class:<select name="regclassrank" tabindex="6">
<option disabled="disabled">Select Class</option>
<option value="1">Freshman</option>
<option value="2">Sophomore</option>
<option value="3">Pre-Junior</option>
<option value="4">Junior</option>
<option value="5">Senior</option>
<option></option>
</select>
</div>
<br />
<div class="cen"><input type="submit" name="submitUser" /></div>
</form>
Does anyone see anything wrong with this? It submits fine, but then nothing is INSERTED into the database....
3 answers
solution1
2 ACCPTED 2011-08-04 23:40:09
You must execute the query with mysql_query .
$sql = "INSERT INTO Student (uname, pass, fname, lname, email, currGrade) VALUES('$secUser','$secPass','$_POST[regfirst]','$_POST[reglast]','$_POST[regemail]','$_POST[regclassrank]')";
$result = mysql_query($sql);
if ($result) {
echo "Thanks for signing up!";
} else {
echo "There was an error processing your request. Please try again.";
}
solution2
1 2011-08-04 23:38:12
You're creating an SQL string (in the worst way) that will permit SQL Injection (A security problem), then you assign it to a variable '$sql'.
That's it. I don't see you using that string in any other fashion. You're certainly not submitting it to mysql.
solution3
1 2011-08-05 00:31:57
An alternative is to use PDO...
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="ureviewdu"; // Database name
$tbl_name="Student"; // Table name
$return='';
if(isset($_POST)){
$continue=true;
if(empty($_POST['reguser']) || strlen($_POST['reguser']) < 3){$continue=false;}
if(empty($_POST['regpass']) || strlen($_POST['regpass']) < 6){$continue=false;}
if(empty($_POST['regfirst']) || strlen($_POST['regfirst']) < 3){$continue=false;}
if(empty($_POST['reglast']) || strlen($_POST['reglast']) < 3){$continue=false;}
if(empty($_POST['regemail']) || filter_var($_POST['regemail'], FILTER_VALIDATE_URL)==false){$continue=false;}
if(empty($_POST['regclassrank']) || is_int($_POST['regclassrank'])==false){$continue=false;}
if($continue===true){
//Attempt to insert
try{
$dbh = new PDO("mysql:host=$host;dbname=$db_name", $username, $password);
/*** set the error reporting attribute ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** variables ***/
foreach($_POST as $key=>$value){
if(get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
$values[$key]=$value;
}
/*** prepare the SQL statement ***/
$stmt = $dbh->prepare("INSERT INTO $tbl_name (uname, pass, fname, lname, email, currGrade)
VALUES(:uname,:upass,:fname,:lname,:email,:currGrade)");
/*** bind the paramaters ***/
$salt = '~Z`!@#$%I^&*()_-+Q=}]{[\|"><';
$stmt->bindParam(':uname', $values['reguser']);
$stmt->bindParam(':upass', sha1($salt.$values['regpass']));
$stmt->bindParam(':fname', $values['regfirst']);
$stmt->bindParam(':lname', $values['reglast']);
$stmt->bindParam(':email', $values['regemail']);
$stmt->bindParam(':currGrade', (int)$values['regclassrank']);
/*** execute the prepared statement ***/
$stmt->execute();
$return='Thanks for signing up!';
/*** close the database connection ***/
$dbh = null;
}catch(PDOException $e){
$return='Failed:'. $e->getMessage();
}
}else{
$return='All fields are required';
}
}
echo $return.
'<form ...........';
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Form data is submitting, but isn't going into mySQL
PHP code isn't submitting into mysql database
PHP code submitting to MySQL isn't working
Why Isn't This Form Auto-Submitting Upon File Select?
Why isn't my form submitting data into my database?
My form isn't submitting
Why isn't the mysql database updating in this case?
Why isn't data inserted into MySQL?
Why isn't this easy join working? (mysql)
Why data isn't showing php mysql
Related Tags