alexviii

Insert String To Mysql Important


Hi everyone!

I have completed the MySQL table creation, but now I have a little larger problem <_<

I can't create a string on it. I have here a PHP code that takes info from a form, and it should create a new string in the database but it doesn't (I'm working on localhost, with MySQL, Apache, PHP):

<?php
//Increasing maximum execution time of the script
set_time_limit(120);
echo '<p>Connectiong to MySQL server <br>';
$dbName = 'skeletons';    //database name
$userName = 'root';       //User name
$password = '';           //Password
$localHost = 'localhost'; //Server
//Connecting to MySQL
if (!mysql_connect($localHost, $userName, $password))
{
    echo '<p>Error while trying to connect to MySQL'.mysql_error();
    exit;
}
echo '<p>Connected !';
$username = $_REQUEST['username'];
$pass = $_REQUEST['pass1'];
$name = $_REQUEST['name'];
$surname = $_REQUEST['surname'];
//Insert into Mysql Database:
mysql_query("INSERT INTO `user` (`Id`, `username`, `password`, `name`, `surname`) VALUES ('', '$username', '$pass', '$name', '$surname'); ");
// Show a alert when data inserted to Mysql.
echo "<script language=javascript>alert('Data inserted to Mysql Databse!'); window.location = 'index.php'; </script>";
?>


The script works, I mean I have no error messages, but then when I check in the database, there is no information entered!!!

What is wrong??? (probably the query code)

10x


Hi, test this query

mysql_query("INSERT INTO `user` (`username`, `password`, `name`, `surname`) VALUES ( '$username', '$pass', '$name', '$surname'); ");
Your Id must be removed.
If you can, paste your SQL file here.
thanks


If the ID is auto-incremented (and my memory serves me correctly), you don't need to mention it when you're inserting a new row. Also, according to http://forums.xisto.com/no_longer_exists/,

When a string is specified in double quotes or with heredoc, variables are parsed within it.

so I don't think that variables are expanded within single quotes.


ok I did something like that:

<?php
//Increasing maximum execution time of the script
set_time_limit(120);
echo '<p>Connectiong to MySQL server <br>';
$dbName = 'skeletons';    //database name
$userName = 'root';       //User name
$password = '';           //Password
$localHost = 'localhost'; //Server
//Connecting to MySQL
if (!mysql_connect($localHost, $userName, $password))
{
    echo '<p>Error while trying to connect to MySQL'.mysql_error();
    exit;
}
echo '<p>Connected !';
$username = $_POST['username'];
$pass = $_POST['pass1'];
$name = $_POST['name'];
$surname = $_POST['surname'];
//THIS IS IN ORDER TO BE SURE THAT I'M REALLY GETTING DATA FROM THE FORM
echo "<br>saved:<br>";
echo $username . "<br>";
echo $pass . "<br>";
echo $name . "<br>";
echo $surname . "<br>";
//Insert into Mysql Database:
mysql_query("INSERT INTO `user` (`Id`, `username`, `password`, `name`, `surname`) VALUES ('', '$username', '$pass', '$name', '$surname'); ");
// Show a alert when data inserted to Mysql.
echo "<script language=javascript>alert('Data inserted to Mysql Databse!'); window.location = 'index.php'; </script>";
?>

Now, I'm getting a perfect page, everything ok. The only problem is that when I check my database, I see that the info has not been added!!!

UFFFF I'm getting stressed :D

It doesn't look like you changed anything aside from adding the form data check. Just take out the `Id` part so the query looks like this:

mysql_query("INSERT INTO `user` (`username`, `password`, `name`, `surname`) VALUES ('$username', '$pass', '$name', '$surname'); ");
Then it should work.


Why don't you check the error that is getting out?

First of all, you have not trapped the result of the INSERT in a VAR. Also the query might not even be happening, as there is no '@' sign if you are not using a VARIABLE to trap the result.

I prefer to use the following method:

//Make the QUERY
$query = "INSERT INTO `user` (`username`, `password`, `name`, `surname`) VALUES ('$username', '$pass', '$name', '$surname')";
//echo $query;
$result = mysql_query($query, $conn);
if (!$result) {
    die('Could not INSERT in users. Error ' . mysql_error($conn));
}

If it dies there is an error in the code.

First try the query in PHPMyAdmin and then see it.

 

But the $conn would be missing in your case, as you did not save the link to MySQL as a link identifier.

So for connecting to the database use:

/* Database Connection */
$user = "root";
$password = "";
$database = "efp";
$dbprefix = '';
$conn = mysql_connect("localhost", "$user", "$password");
@mysql_select_db($database) or die("Unable to select database");
/* Ending - Database Connection */

By THE way I found the ERROR - WHERE ARE YOU SELECTING THE DATABASE IN YOUR SCRIPT?

Also the query would go haywire if someone uses inverted commas in the form, and they could possibly INJECT your database and hack it.

Use the htmlentities() function in PHP to avoid this INJECTION.

 

HOPE this helps.
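
An added example, not part of any post in this thread: the same insert written with a PDO prepared statement, so that a failed query raises an exception instead of passing silently and form values containing inverted commas are bound as data rather than spliced into the SQL (htmlentities() encodes text for HTML output and does not escape SQL). The in-memory SQLite table, the UNIQUE constraint on username, the password hashing, the helper names open_db and add_user, and the sample form values are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands
// in for the MySQL `user` table so the block runs offline (needs pdo_sqlite).
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Raise an exception on any failed statement instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (
        Id       INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,
        name     TEXT NOT NULL,
        surname  TEXT NOT NULL)');
    return $pdo;
}

function add_user(PDO $pdo, array $form): int
{
    // Id is not listed, so the auto-increment column assigns it.
    $stmt = $pdo->prepare(
        'INSERT INTO user (username, password, name, surname)
         VALUES (:username, :password, :name, :surname)'
    );
    // Bound values travel as data, so quotes in them cannot change the query.
    $stmt->execute([
        ':username' => $form['username'],
        // Store a hash, not the submitted password (assumption beyond the thread).
        ':password' => password_hash($form['pass1'], PASSWORD_DEFAULT),
        ':name'     => $form['name'],
        ':surname'  => $form['surname'],
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST.
$form = ['username' => 'soneil', 'pass1' => "it's a secret",
         'name' => 'Sean', 'surname' => "O'Neil"];

$pdo = open_db();
$id  = add_user($pdo, $form);
$row = $pdo->query('SELECT name, surname FROM user')->fetch(PDO::FETCH_ASSOC);
printf("inserted row %d: %s %s\n", $id, $row['name'], $row['surname']);

try {
    add_user($pdo, $form);  // duplicate username: reported, not ignored
} catch (PDOException $e) {
    echo 'insert failed: ', $e->getMessage(), "\n";
}
```

With MySQL, open_db() would instead connect with a DSN that names the database, e.g. `mysql:host=localhost;dbname=skeletons;charset=utf8mb4`, and skip the CREATE TABLE.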
