php mysql INSERT INTO mysql by using register form
Question
I am php beginner and I am trying to make e-commerce by using php. I am trying to make register form and I want to save these data into mysql server. The coding looks like OK, but the data did not store in mysql server. Could you give your answer for this? php language is first time that it is what I am struggled. Please give some advice. Thanks.
--registerForm.php--
<h4>Create a new account</h4>
<div class="box">
<form action="register.php" method="post">
<p>User ID: <input type="text" name="userId" size="30"/>*</p>
<p>Password: <input type="password" name="password" size="30"/>*</p>
<p>Retype Password: <input type="password" name="repassword" size="30"/>*</p>
<p>First Name: <input type="text" name="firstName" size="30"/>*</p>
<p>Last Name: <input type="text" name="lastName" size="30"/>*</p>
<p>Your Address (*):</p>
<p> <textarea name="address" rows="5" cols="30"></textarea></p>
<p>Phone: <input type="text" name="phone" size="20"/>*</p>
<p>E-mail: <input type="text" name="email" size="21"/>*</p>
<p><input type="submit" value="Create Account"/></p>
</form>
</div>
--register.php--
<?php
require "sql_connection.php";
if(isset($_POST['submit']))
{
if($_GET["userId"]==$_GET["repassword"]){
mysql_query("insert into customer (userId, password, firstName, lastName, address,
phone, email)
values
('$_GET[userId]','$_GET[password]','$_GET[firstName]','$_GET[lastName]','$_GET[address]','$_GET[phone]','$_GET[email]')")
or die(mysql_error());
}
echo "Done!!!!";
}
?>
--sql_connection.php--
<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "**MY_PASS**";
$db_name = "**MY_DB**";
@mysql_connect("$db_host", "$db_username", "$db_pass", "$db_name") or die("connection is fail.");
@mysql_select_db("$db_name") or die("database does not exsist.");
echo "Successfully connection!!";
?>
4 answers
solution1
3 ACCPTED
if($_GET["userId"]==$_GET["repassword"])
Why do you compare userid to a retype pssword field?
I think it should be :
if($_GET["password"]==$_GET["repassword"])
Also make sure you escape strings to prevent SQL Injection Attacks.
http://php.net/manual/en/function.mysql-real-escape-string.php
And Like Paul said, to correctly retrieve the data use $_POST
solution2
3 2012-02-15 00:01:13
Few things. Your $_GET and $_POST are mixed up. and NEVER post your db_pass and uername in public. Also, you're suppressing errors using @ . don't do that.
ie
if($_GET["userId"]==$_GET["repassword"]){
should be
if($_POST["userId"]==$_POST["repassword"]){
and changes all these to $_POST
Your code:
$_GET[userId]','$_GET[password]','$_GET[firstName]','$_GET[lastName]','$_GET[address]','$_GET[phone]','$_GET[email]')
Should be:
$_POST[userId]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[address]','$_POST[phone]','$_POST[email]')"
solution3
3
As your form method defined is POST so use $_POST to get values after submit instead of $_GET
require "sql_connection.php";
if(isset($_POST['submit']))
{
if($_POST["userId"]==$_POST["repassword"]){
mysql_query("insert into customer (userId, password, firstName, lastName, address,
phone, email)
values
('$_POST[userId]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[address]','$_POST[phone]','$_POST[email]')")
or die(mysql_error());
}
echo "Done!!!!";
}
?>
Values are not quoted properly. You should quote then before insert.
mysql_query("insert into customer (userId, password, firstName, lastName, address,
phone, email)
values
('".$_POST[userId]."','".$_POST[password]."','".$_POST[firstName]."','".$_POST[lastName]."','".$_POST[address]."','".$_POST[phone]."','".$_POST[email]."')")
solution4
0 2012-02-15 00:03:36
我认为您正在尝试做的是:
if($_GET["password"]==$_GET["repassword"]) {
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.