Form data not being sent to MySql database

Question

Have a simple registration form that is being linked to a php file in order to send the info to a database but everytime i try it the data isnt showing up in the phpMyAdmin database??

<?php

$name = $_POST['name'];
$address = $_POST['address'];
$number = $_POST['number'];
$email = $_POST['email'];
$details = $_POST['details'];

$user="root";
$password="secure";
$database="darrenweircharity";
mysql_connect("localhost",$user,$password);
@mysql_select_db($database) or die ("Unable to select database");

$query = "INSERT INTO registrationdetails(name, address, number, email, details)".
"VALUES('$name', '$address', '$number', '$email', '$details' NOW())";
mysql_query($query);
mysql_close();
?>

Please *don't* use values from `$_POST` directly in your query. — gen_Eric, Dec 06 '12 at 15:57
Use PDO, reorganize your code, and replace with VALUES('".$name."', '".$address."', '".$number."', '".$email."', '".$details."') — ka_lin, Dec 06 '12 at 15:58
Did you try to do "mysql_query() or die(mysql_error)"?. Other than that, you have no space between the table name and the list of columns (which has no column listed for the "NOW()" value), and a missing comma between "$details" and "NOW()". — Ivan Pintar, Dec 06 '12 at 15:58

score 1 · Answer 1 · edited May 25 '19 at 14:48

1

Please, don't use mysql_* functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Try with:

$query = "INSERT INTO registrationdetails(name, address, number, email, details)".
         "VALUES('" . $name . "', '" . $address . "', '" . $number . "', '" . $email . "', '" . $details . "');";

You have NOW() at the end of the query that shouldn't be there.

Also note that your code has an SQL injection vulnerability (see mysql_real_escape_string()), I suggest you to prepare queries via PDO.

edited May 25 '19 at 14:48

Zoe

27,060
21
118
148

answered Dec 06 '12 at 15:57

jacoz

3,508
5
26
42

Get it right first time :P I've seen you edit your post a good three times so far; – Daryl Gill Dec 06 '12 at 16:05
@DarylGill what's the matter? I improve my answer! – jacoz Dec 06 '12 at 16:06

score 0 · Answer 2 · answered Dec 06 '12 at 15:58

protect from possible SQL injection:

$name = mysql_real_escape_string($name);
$address = mysql_real_escape_string($address);
$number = mysql_real_escape_string($number);
$email = mysql_real_escape_string($email);
$details = mysql_real_escape_string($details);

replace with:

$query = "
INSERT INTO registrationdetails (`name`, `address`, `number`, `email`, `details`)
VALUES ('$name', '$address', '$number', '$email', '$details')");

score 0 · Answer 3 · answered Dec 06 '12 at 16:21

$query = "
    INSERT INTO registrationdetails (name, address, number, email, details, date_time)
    VALUES ('{$name}', '{$address}', '{$number}', '{$email}', '{$details}', NOW())
";

Replace the date_time with your column_name. And remember to escape all submitted values with mysql_real_escape_string before inserting them into the database.

Form data not being sent to MySql database

3 Answers3