I am practicing in XAMPP with a little registration form with basic error handling, and when I finally click the button to insert data into the table, it doesn't. I have checked everything: tables and rows are correct, and the database is connected, as data from other pages is being inserted, but from here, no. The code is below:

```php
<?php
/* Register Form */
include "connect.php";
include "links.php";

//check which form is being submitted
$get_submit_type = "";
if (isset($_POST['submit'])){
    echo $get_submit_type = "user_details_submit";
}
else if (isset($_POST['confirm_submit'])){
    echo $get_submit_type ="confirm_submit";
}
else {
    echo "";
}

// action according to which form is submitted
switch($get_submit_type){
    case "user_details_submit":
?>
        <div style="clear: both; margin: auto; width: 50%; font: normal 12px Verdana;" id="register_details">
            <?php
                //if (isset($_POST['submit'])){

                    //error handling

                    // any field empty
                    if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password_confirm']) || empty($_POST['email'])){
                        die($lang['REG_FIELD_EMPTY']);
                    }

                    // password not matching
                    if($_POST['password'] != $_POST['password_confirm']){
                        die($lang['REG_PASS_NOT_MATCHING']);
                    }

                    echo "<hr />";
                    $username = $_POST['username'];
                    $password = md5($_POST['password']);
                    $email = $_POST['email'];
                    echo $lang['REG_USER'] . " = " . $_POST['username'] . "<br />";
                    echo $lang['REG_PASS'] . " = " . md5($_POST['password']) . "<br />";
                    echo $lang['REG_EMAIL'] . " = " . $_POST['email'] . "<br />";
                    echo $lang['REG_NOTICE'] . " = " . $lang['REG_NOTICE_DETAILS'] . "<br />";

                //}
            ?>
    <form name="confirm" method="post" action="#confirmation_details">
        <input type="hidden" name="username" value="<?php echo $username; ?>" />
        <input type="hidden" name="password" value="<?php echo $password; ?>" />
        <input type="hidden" name="email" value="<?php echo $email; ?>" />
        <input type="hidden" name="group" value="standard_user" />
                <button type="submit" name="confirm_submit" class="form-sell"><?php echo $lang['REG_REGISTER_CONFIRM']; ?></button>
            </form>
        </div>
<?php
        break;
    case "confirm_submit":
?>

        <div id="confirmation_details" style="clear: both; width: 75%; margin: auto;">
            <?php
                //if(isset($confirm_submit)){
                    $username = $_POST['username'];
                    $password = $_POST['password'];
                    $email = $_POST['email'];
                    $group = $_POST['group'];
                    $query = mysql_query("INSERT INTO users (username,password,email,group) VALUES ('$username','$password','$email','$group')");

                    if(!$query){
                        die("The data was not inserted into the database");
                    }

                    echo $lang['REG_USER_REGISTERED'];

                //}
            ?>
        </div>
<?php
    break;
    default:
?>
<form name="register" method="post" action="#register_details">
<input type="text" class="form-sell" name="username" placeholder="<?php echo $lang['REG_USER']; ?>" id="username" /><br />
<input type="password" class="form-sell" name="password" placeholder="<?php echo $lang['REG_PASS']; ?>" /><br />
<input type="password" class="form-sell" name="password_confirm" placeholder="<?php echo $lang['REG_PASS_CONFIRM']; ?>" /><br />
<input type="text" class="form-sell" name="email" placeholder="<?php echo $lang['REG_EMAIL']; ?>" /><br />
<button type="submit" name="submit" class="form-sell"><?php echo $lang['REG_REGISTER']; ?></button>
</form>
<?php
}
?>
```

As I am practicing and this code is not online, I am not using real escape strings with form data.

The form submit type is being displayed correctly, as I have coded in the first few lines. It is just the MySQL query which is not working correctly; I want to figure it out, please.

  • I'd be more worried about the gaping wide open [SQL injection attack](http://bobby-tables.com) holes in your code... – Marc B Apr 28 '13 at 16:18
  • Do you get any errors? – themhz Apr 28 '13 at 16:19
  • Can you please explain it a little, as I am not aware of any other sort of SQL injection apart from "not using real_escape_string"? Thanks –  Apr 28 '13 at 16:25

1 Answer

Did you get this error message?

```
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group....
```

GROUP is a Reserved Keyword and happens to be the name of your column. In order to avoid the syntax error, the column name should be escaped using backticks. E.g.,

```sql
INSERT INTO users (username,password,email,`group`)
```

If you have the privilege to alter the table, change the column name to one that is not on the Reserved Keyword List to prevent the same error from coming back again in the future.

John Woo
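The backtick fix from the answer, combined with bound parameters for the injection concern raised in the comments, as an added example that is not part of the original question or answer. It assumes PDO with the SQLite driver (an in-memory database stands in for MySQL so the script runs offline), a constructed sample user, and a hypothetical helper `register_user()`; it also uses `password_hash()` in place of `md5()`, and PDO in place of `mysql_query()`, which was removed in PHP 7.

```php
<?php
// Added example, not the asker's code. SQLite in memory stands in for MySQL so
// the script runs offline; against XAMPP's MySQL, swap the DSN for a
// 'mysql:host=...;dbname=...' one with your own credentials.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors so the server's message is visible instead of a bare false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `group` is a reserved word in MySQL and in SQLite, so it is quoted wherever used.
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, email TEXT, `group` TEXT)');

/** Hypothetical helper: insert one user; returns true or the database error text. */
function register_user(PDO $pdo, string $sql, array $user)
{
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($user);   // values are bound, never pasted into the SQL text
        return true;
    } catch (PDOException $e) {
        return $e->getMessage(); // the detail that die("... not inserted") hides
    }
}

// Constructed sample input; the username contains a quote on purpose.
$user = [
    ':username' => "o'brien",
    ':password' => password_hash('correct horse', PASSWORD_DEFAULT), // replaces md5()
    ':email'    => 'obrien@example.com',
    ':grp'      => 'standard_user', // set server-side here, not read from a hidden field
];

$unquoted = 'INSERT INTO users (username, password, email, group)
             VALUES (:username, :password, :email, :grp)';
$quoted   = 'INSERT INTO users (username, password, email, `group`)
             VALUES (:username, :password, :email, :grp)';

// Same statement as in the question: the reserved word is rejected by the parser.
var_dump(register_user($pdo, $unquoted, $user));
// Backtick-quoted column name: the insert goes through, quote in the name included.
var_dump(register_user($pdo, $quoted, $user));

// Read the row back to confirm what was stored.
var_dump($pdo->query('SELECT username, `group` FROM users')->fetch(PDO::FETCH_ASSOC));
```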