Can't insert data into MYSQL from a html form

Question

I want to do a simple registration form that stores data in the database but it doesn't seem to be working for me.

This is my html code:

<html>
<body>
    <form method="post" name="register" action="register.php">
    <table>
    <tr>
    <td>User Name:</td>
    <td><input type="text" name="name"></td>
    </tr>
    <tr>
    <td>User Email:</td>
    <td><input type="text" name="email"></td>
    </tr>
    <tr>
    <td>User Role:</td>
    <td><input type="text" name="role"></td>
    </tr>
    <tr>
    <td><input type="submit" name="SubmitForm" value="Save"></td>
    </tr>

</form>
</body>
</html>

And this is my PHP code:

<?php
// Make a MySQL Connection

$user="root";
$password="my password";
$database="playtime";
$host="localhost";
$table="ttuser";

mysql_connect($host, $user, $password) or die("Connection Failed");
mysql_select_db($database) or die("Connection Failed");

$name = $_POST['name'];
$email = $_POST['email'];
$role = $_POST['role'];

// Insert a row of information into the table "ttuser"

$query = "INSERT INTO ttuser (uemail, uname, urole) VALUES('$email', '$name', '$role')";
if(mysql_query($query)){
echo "inserted";}
else{
echo "fail";}

?>

it connects to the database fine, but when I click submit on the html page it goes to php but doesn't show anything. Can someone please help ?

SO, when people will stop copying sql injections from tutorials? — Peter, Jan 16 '13 at 22:27
The first place to check is the Apache error log. If you've installed MAMP or another stack service on your personal computer, the dialog box often has a button to "Show Apache logs". Run the script, note any errors that appear. If that isn't an option or doesn't help, try echoing something out before vs. after the IF statement, to identify exactly where the script crashes. Thirdly, as Peter implies, be sure to learn about proper SQL sanitization. Injecting variables as you've done is a dangerous thing. — Topher Hunt, Jan 16 '13 at 22:34
Checking the return value of `mysql_query` is a start, but then you need to show what the error is by printing the value of [`mysql_error`](http://php.net/manual/en/function.mysql-error.php). Then, you can update your code and your post and tell us what that error is. Errors are not just pass/fail. The failures are descriptive and you need to read and understand them. — Andy Lester, Jan 16 '13 at 22:35
@PeterSzymkowski I'm sorry that an absolute new starter cannot write PHP code without copying bits from tutorials — elmify, Jan 16 '13 at 22:37
You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Jan 16 '13 at 22:41
@TopherHunt thanks for pointing that out, I'm an ABSOLUTE beginner so your input helps — elmify, Jan 16 '13 at 22:51
I have checked the error log and there aren't any errors showing. Could it be not working because my html form doesn't transfer any data to php — elmify, Jan 16 '13 at 23:07
If you want to echo **inserted** in your page you either have to use [**AJAX**](http://en.wikipedia.org/wiki/Ajax_(programming)) or have the php in the same page as the form. — david strachan, Jan 17 '13 at 00:03
Try putting an or die(mysql_error()); at the end of the mysql_query call and see what it happens. I typically put that on every mysql_* function that I use when I first start debugging to help me find problems really quick. I'd always do something like this: $run = mysql_query($query) or die('Query failed. ' . mysql_error()); — SISYN, Jan 17 '13 at 00:45
Check error logs or print what is going wrong with `mysql_error()`. By the looks of the code, it is fine. The only explanation is that the field data types are not being matched. — Starx, Jan 17 '13 at 03:30
@danL I inserted $run = mysql_query($query) or die('Query failed. ' . mysql_error()); just below my $query code and I couldn't see anything. So my issue is if I send values into mysql through my php code it displays the errors but if I do it through my html form it doesn't show ANYTHING. I'm not sure if my html form transfers any data to php — elmify, Jan 17 '13 at 13:24
If you're not sure if the form is submitting information properly, try putting print_r($_POST); at the top of the page and see if anything is printed out. You might also want to add error_reporting(E_ALL); to the top as well just to make sure that all known errors are being reported. — SISYN, Jan 17 '13 at 17:58
@PeterSzymkowski Actually, it's a good thing... for me. I always wanted to find some website out there that is vulnerable to this. So I can break it... should be fun :) . After this, they won't make the same mistake... — Radu Murzea, Jan 28 '13 at 17:50

Douglas Grim · Accepted Answer · 2013-01-17T03:13:13.190

1

If the table ttuser has any fields that do not have default values and you are not providing any data to those fields (e.g., there is a field called "usalary" with no default value that was not included in your INSERT INTO statement), the MySQL statement will fail.

Heed the many sql injection warnings :)

edited Jan 17 '13 at 03:13

answered Jan 17 '13 at 03:04

Douglas Grim

81
3

thanks for your answer but the only fields I have in my table are: uname, uemail and urole so I don't think I have an issue with the INSERT INTO statement – elmify Jan 17 '13 at 13:18

score 0 · Answer 2 · answered Jan 18 '13 at 15:29

0

OK guys it was all my fault because I was not viewing the page via the server. thanks for all your help, it was a silly mistake

answered Jan 18 '13 at 15:29

elmify

105
1
5
16

Can't insert data into MYSQL from a html form

2 Answers2