Not passing data PHP

Question

My code isn't working

mysql_query( 'INSERT INTO RegUsuarios ( Nombre,Email,PW ) values 
("$_POST[Nombre]","$_POST[Email]","$_POST[PW]")' , $Con ) or 
die('Problema insertando los datos');

I know that it is this line because everything else is working

score 2 · Answer 1 · answered Jul 10 '13 at 06:14

2

You cant process PHP code inside single speech marks, only in doubles.

Either swap all your singles for doubles or else do this "'.$_POST['Nombre'].'"

answered Jul 10 '13 at 06:14

Zevi Sternlicht

5,399
19
31

@IsraelJiménez no prob, dont forget to click the green tick if this helped you! – Zevi Sternlicht Jul 10 '13 at 06:20
1

Tough he should not use `$_POST` directly in the query, always escape user input due to SQL injection issues. Also the `mysql_` functions are deprecated, the `mysqli` functions or `PDO` should be used. – enricog Jul 10 '13 at 06:21
@TheCandyMan Yes. Solution above is just a quick fix, but the code has many problems as you pointed. – Ilija Jul 10 '13 at 06:25

score 0 · Answer 2 · answered Jul 10 '13 at 06:14

0

Use this instead

mysql_query("INSERT INTO RegUsuarios (Nombre,Email,PW) values ('$_POST[Nombre]','$_POST[Email]','$_POST[PW]')",$Con);

As a good practice,always use ' inside " and not the other way around.

answered Jul 10 '13 at 06:14

Mayur

291
1
3
16

score 0 · Answer 3 · answered Jul 10 '13 at 06:16

mysql_query( 'INSERT INTO RegUsuarios ( Nombre,Email,PW ) values ("$_POST[Nombre]","$_POST[Email]","$_POST[PW]")' , $Con ) or die('Problema insertando los datos');

should be

mysql_query( 'INSERT INTO RegUsuarios ( Nombre,Email,PW ) values (\''.$_POST[Nombre].'\',\''.$_POST[Email].'\',\''.$_POST[PW].'\')' , $Con ) or die('Problema insertando los datos');

score 0 · Answer 4 · answered Jul 10 '13 at 06:16

mysql_query("INSERT INTO RegUsuarios (Nombre,Email,PW) values ('$_POST[Nombre]','$_POST[Email]','$_POST[PW]')",$Con) or die('Problema insertando los datos');

try the above query. Double quotes replaced by single quotes.

score 0 · Answer 5 · answered Jul 10 '13 at 06:19

0

use this $_POST['Nombre'] in quotes 'Nombre' ....

INSERT INTO RegUsuarios (Nombre,Email,PW) values ('$_POST['Nombre']','$_POST['Email']','$_POST['PW']')',$Con) or die('Problema insertando los datos');

answered Jul 10 '13 at 06:19

chwajahat

35
1
7

$_POST['Nombre'] it is not invalid... I didn't tested the query, but quotes in $_POST give error if not present. – chwajahat Jul 10 '13 at 06:34
`'$_POST['Nombre']',` has to be like `'$_POST[Nombre]',` – Jul 10 '13 at 07:36

score 0 · Answer 6 · edited May 23 '17 at 11:56

0

Your string is not properly assembled (as others pointed).

That's the minor problem with your code. The major problem is that your example is prone to SQL injection because you don't perform any input data sanitisation. Here's a question (and answer) that covers this subject: How can I prevent SQL injection in PHP?

edited May 23 '17 at 11:56

Community

1
1

answered Jul 10 '13 at 06:22

Ilija

4,105
4
32
46

Not passing data PHP

6 Answers6