
Below is my HTML and PHP code, both in separate files, for my insert query. It is trying to insert registration details but it keeps failing; any reasons where I am going wrong? I have tried using different types of speech marks but it still doesn't work, and the textbook I have shows this method. The database can log users in and check if a user exists but cannot insert data. Thanks.

<?php
include 'db.php';

session_start();
?>
<!DOCTYPE html>

<html>

<head>

</head>
<?php 
include 'header.php';
?>

    <div id="logincontent"> 

    <div id="registerform" class="loginform-in">
        <h1>Registration</h1>
        <fieldset>
            <form id="myForm" action="registerscript.php" method="POST">
            Email: <input type="text" name="username"/><br />
            Password: <input type="password" name="pass"/><br />
            First Name: <input type="text" name="fname"/><br />
            Last Name: <input type="text" name="lname"/><br />
            Address 1: <input type="text" name="add1"/><br />
            Address 2: <input type="text" name="add2"/><br />
            Postcode: <input type="text" name="pcode"/><br />
            Telephone: <input type="text" name="phone"/><br />
            <button id="submit">Register</button>
            </form>

            <div id="ack"></div>
        </fieldset>
    </div>
    </div>
</body>
</html>

PHP File

<?php
  include('db.php');

  $email = mysql_real_escape_string( $_POST["username"] );
  $pass = mysql_real_escape_string( md5($_POST["pass"]) );
  $firstname = mysql_real_escape_string( $_POST["fname"] );
  $surname = mysql_real_escape_string( $_POST["lname"] );
  $add1 = mysql_real_escape_string( $_POST["add1"] );
  $add2 = mysql_real_escape_string( $_POST["add2"] );
  $pcode = mysql_real_escape_string( $_POST["pcode"] );
  $phone = mysql_real_escape_string( $_POST["phone"] );

  if( empty($email) || empty($pass) )
  {
    echo "Email and Password are Mandatory";
    exit();
  }




$res = mysql_query("SELECT email FROM members WHERE email='$email'");
      $row = mysql_fetch_row($res);


  if( $row > 0 )
    echo "The Email $email has already been taken. Click Forgot Password to Retrieve";

  else
  {
      $sql = "INSERT INTO members (memberid, firstname, surname, address1, address2, postcode, telephone, email, password) VALUES (
                                       '',
                                       '$firstname', 
                                       '$surname', 
                                       '$add1', 
                                       '$add2', 
                                       '$pcode', 
                                       '$phone', 
                                       '$email'
                                       '$pass')";
   if( mysql_query($sql) )
     echo "Registration Successfull";
   else
     echo "An Error Occured Please Try Again";
}

?>

Shay Young
  • md5 on password, may as well not bother and store it as plain text (http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) – Feb 04 '14 at 19:23
  • remove memberid from `$sql = insert into ...` this is probably auto_increment type – Mr. Radical Feb 04 '14 at 19:28
  • GOT IT SORTED THANK YOU @Mr.Radical I think that got it and Shankar Damodaran's help too – Shay Young Feb 04 '14 at 19:35
  • `$res = mysql_query("SELECT email FROM members WHERE email='".$email."'");` – Mr. Radical Feb 04 '14 at 19:35

3 Answers


You missed a comma here

                                       '$phone', 
                                       '$email', //<-------------- Here
                                       '$pass')";
Shankar Narayana Damodaran

Remove memberid from `$sql = insert into ...`; this is probably an auto_increment type value in your MySQL database.

BTW you are better off using mysqli or PDO instead of using mysql_. And with prepared statements you would limit the risk of SQL injection.

Mr. Radical
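
The prepared-statement approach suggested in the answer above, combined with the password-hashing point from the comments, as an added example that is not part of the original answers. It assumes PDO with the pdo_sqlite driver (an in-memory SQLite table stands in for the MySQL `members` table so it runs without a server); `register()` and the sample values are hypothetical.

```php
<?php
// Added example: the in-memory SQLite database stands in for the MySQL
// connection made in db.php (assumption, so the script runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    memberid  INTEGER PRIMARY KEY AUTOINCREMENT,
    firstname TEXT, surname TEXT, address1 TEXT, address2 TEXT,
    postcode  TEXT, telephone TEXT,
    email     TEXT NOT NULL UNIQUE,
    password  TEXT NOT NULL)');

// register() is a hypothetical helper; $form uses the same keys as the HTML form.
function register(PDO $db, array $form)
{
    $field = function ($k) use ($form) { return isset($form[$k]) ? $form[$k] : ''; };
    $email = trim($field('username'));
    $pass  = $field('pass');
    if ($email === '' || $pass === '') {
        return 'Email and Password are Mandatory';
    }
    // Placeholders keep user input out of the SQL text, so quotes need no escaping.
    $check = $db->prepare('SELECT 1 FROM members WHERE email = ?');
    $check->execute(array($email));
    if ($check->fetchColumn() !== false) {
        return 'The Email has already been taken';
    }
    // memberid is left out so the database assigns it.
    $insert = $db->prepare('INSERT INTO members
        (firstname, surname, address1, address2, postcode, telephone, email, password)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
    $insert->execute(array(
        $field('fname'), $field('lname'), $field('add1'), $field('add2'),
        $field('pcode'), $field('phone'), $email,
        password_hash($pass, PASSWORD_DEFAULT), // salted, slow hash instead of md5()
    ));
    return 'Registration Successful';
}

// Constructed sample input; the apostrophes would break a hand-quoted SQL string.
$sample = array('username' => "o'brien@example.com", 'pass' => 'correct horse',
                'fname' => "D'Arcy", 'lname' => "O'Brien");
echo register($db, $sample), "\n";   // first attempt
echo register($db, $sample), "\n";   // same email again
$row = $db->query('SELECT firstname, password FROM members')->fetch(PDO::FETCH_ASSOC);
echo $row['firstname'], "\n";
echo password_verify('correct horse', $row['password']) ? "password ok\n" : "mismatch\n";
```

With `PDO::ERRMODE_EXCEPTION` set, a malformed statement such as the missing-comma `INSERT` raises a `PDOException` carrying the driver's error message instead of failing silently.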

Add the following to find MySQL Error:

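else
{
     echo "An Error Occured Please Try Again";
     // mysql_errno()/mysql_error() take a link identifier, not a result; with no argument they use the last opened link
     echo mysql_errno() . ": " . mysql_error();
}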
Grant