Submitting data to MySQL database using HTML/PHP form

--0016364c7e7d41b98e049cbb86cb
Content-Type: text/plain; charset=ISO-8859-1

Hi there,

I am creating a login page for my website. The users' information will be
stored in a MySQL database. I have a registration form on my home page, and
a separate file called "login.php" to process the user values. However, the
entries are not going to the MySQL database (even though the values can be
entered successfully using the command line).

I'd appreciate your insight on why the form entries are not making their way
to the MySQL database. Much thanks in advance!

This is the code for the form in home.php:

Re: Submitting data to MySQL database using HTML/PHP form

On Sun, Feb 20, 2011 at 14:11, Nazish Zafar wrote:
>
> $insert = "INSERT INTO user_info
> (login, password)
> VALUES
> ("$login", "$password");

You're using double-quotes to encapsulate your $insert variable
data, then never closing them. What's more, you're also using
double-quotes to encapsulate each individual variable in the query.
Rewrite $insert to this:

$insert = "INSERT INTO user_info(login,password)
VALUES('".mysql_real_escape_string($login)."',"'.mysql_real_ escape_string($password)."')";

--

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Submitting data to MySQL database using HTML/PHP form

Daniel Brown wrote:
> On Sun, Feb 20, 2011 at 14:11, Nazish Zafar wrote:
>>
>> $insert = "INSERT INTO user_info
>> (login, password)
>> VALUES
>> ("$login", "$password");
>
> You're using double-quotes to encapsulate your $insert variable
> data, then never closing them. What's more, you're also using
> double-quotes to encapsulate each individual variable in the query.
> Rewrite $insert to this:
>
> $insert = "INSERT INTO user_info(login,password)
> VALUES('".mysql_real_escape_string($login)."',"'.mysql_real_ escape_string($password)."')";


Look at that one more time Dan. ;-)

Donovan




--
D Brooke

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Submitting data to MySQL database using HTML/PHP form

On Sun, Feb 20, 2011 at 16:43, Donovan Brooke wrote:
>>
>> =A0 =A0 =A0 =A0 $insert =3D "INSERT INTO user_info(login,password)
>>
>> VALUES('".mysql_real_escape_string($login)."',"'.mysql_real_ escape_strin=
g($password)."')";
>
>
> Look at that one more time Dan. ;-)

Yeah, well, that's why one should never copy and paste, and why I
shouldn't reply to a thread on quotes from my phone. Go figure. ;-P

--=20

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Submitting data to MySQL database using HTML/PHP form

--0016e6541cf61ee772049cd69747
Content-Type: text/plain; charset=ISO-8859-1

Thanks! Even with the typo, the issue was resolved with your helpful
comments!

Thanks also for the pointer on using mysql_real_escape to 'sanitize' the
user input, it's definitely become a part of my coding.


On Mon, Feb 21, 2011 at 8:22 AM, Daniel Brown wrote:

> On Sun, Feb 20, 2011 at 16:43, Donovan Brooke wrote:
> >>
> >> $insert = "INSERT INTO user_info(login,password)
> >>
> >>
> VALUES('".mysql_real_escape_string($login)."',"'.mysql_real_ escape_string($password)."')";
> >
> >
> > Look at that one more time Dan. ;-)
>
> Yeah, well, that's why one should never copy and paste, and why I
> shouldn't reply to a thread on quotes from my phone. Go figure. ;-P
>
> --
>
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--0016e6541cf61ee772049cd69747--