PHP not writing to first SQL field

Question

Thank you guys, worked it out, turns out it was in the js a word wasn't spelled correctly, always something simple

This is my script to write data to my database on my local server, it currently only writes to 2 fields, not the alias one, have I done anything wrong? I've triple checked the names in both the html form and the database field.

<?php
  // 1. Create connection to database

  mysql_connect('localhost','root','') or die('Could not connect to mysql: <hr>'.mysql_error());

  // 2. Select database

  mysql_select_db("trialdb") or die('Could not connect to database:<hr>'.mysql_error());

  // 3. Assign variables (after connection as required by escape string)

$alias = $_POST['alias'];
$name = $_POST['name'];
$email = $_POST['email'];

  // 4. Insert data into table

  mysql_query("INSERT INTO user_data (alias, name, email) VALUES ('$alias', '$name', '$email')"); 
  Echo 'Your information has been successfully added to the database.';  
  print_r($_POST);
  mysql_close()
?>

1; Don't use `mysql_query`. 2; Certainly don't inject `$_POST` verbatim into a query. 3; Have you tried echoing out the query that it's going to run? See that you actually have values in `$_POST` and also gives you the chance to execute straight on the DB. — Rudi Visser, Apr 02 '13 at 08:06
What is after print_r($_POST) and which type is 'alias' field? — Victor, Apr 02 '13 at 08:06
Also check that your table column names are all properly named and typed. — shannonman, Apr 02 '13 at 08:07
If it inserts all but `alias`, I'm curious as the the DB structure and wondering if something about how the field is defined is `auto_increment` or something of the sort. — Jon, Apr 02 '13 at 08:07
@shannonman i think table column name are properly type because if not. the other 2 values will not be insert and else produces a sql error — Jhonathan H., Apr 02 '13 at 08:08
Please make sure you read and understand [How to prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) — Álvaro González, Apr 02 '13 at 08:09
When I say typed I meant the type of column, would be helpful to see the structure of your table. — shannonman, Apr 02 '13 at 08:09
Thank you guys, worked it out, turns out it was in the js a word wasn't spelled correctly, always something simple! — user2024564, Apr 02 '13 at 08:14
Try an error checking into your `$_POST[]` variables to see if each of them returns values. — Jhonathan H., Apr 02 '13 at 08:10

score 0 · Answer 1 · edited May 23 '17 at 11:49

First of all you should always check if the POST variables are being sent correctly:

if (
    !isset($_POST['alias']) or
    !isset($_POST['name']) or
    !isset($_POST['email'])
) // something is wrong

Second, you don't want to inject user input directly into the sql query. You should perform some escaping first (or even better replace the mysql_* deprecated drivers with PDO or mysqli and just use prepared statements):

$alias = mysql_real_escape_string($_POST['alias']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);

Third, you may want to check if the query performed correctly before printing a success message:

$res = mysql_query("INSERT INTO user_data (alias, name, email) VALUES ('$alias', '$name', '$email')"); 

echo ($res) 
    ? 'Your information has been successfully added to the database.' 
    : 'Your information couldn't be added to the database';

score 0 · Answer 2 · edited Apr 02 '13 at 08:34

you can try

<?php

$conn = mysql_connect('localhost','root','') or die('Could not connect to mysql: '.mysql_error());

mysql_select_db("trialdb", $conn) or die('Could not connect to database:'.mysql_error());

$alias = $_POST['alias'];
$name = $_POST['name'];
$email = $_POST['email'];

mysql_query("INSERT INTO user_data (`alias`, `name`, `email`) VALUES ('$alias', '$name', '$email')", $conn); 

echo 'Your information has been successfully added to the database.';  

print_r($_POST); 

mysql_close();

?>

PHP not writing to first SQL field

2 Answers2