0

I have "se" database and "client" table have 5 fields is User_ID,User_Name, User_Pass, Name, Status

My Table

<form name="form1" method="post" action="register.php">

<input name="txtUsername" type="text" id="txtUsername">
<input name="email" type="text" id="email">
<td><input name="txtPassword" type="password" id="txtPassword">

Register.php

$objConnect = mysql_connect("localhost","root","1234") ;
$objDB = mysql_select_db("se");
$strSQL = "INSERT INTO `client` ";
$strSQL .="(`User_ID`,`User_Name`,`User_Pass`,`Name`,`Status`) ";
$strSQL .="VALUES ";
$strSQL .="('3','".$_POST["email"]."','".$_POST["txtPassword"]."' ";
$strSQL .=",'".$_POST["txtUsername"]."','USER') ";
$objQuery = mysql_query($strSQL);
if($objQuery)
{
echo "Save Done.";
}else
{
echo "Error Save [".$strSQL."]";
}
mysql_close($objConnect);
?>

when I Run this code and insert somthing in it this code will "Error Save[............]"

Zoe
  • 27,060
  • 21
  • 118
  • 148
user3248233
  • 221
  • 1
  • 2
  • 5
  • Your database is MySQL. phpMyAdmin is just a web based interface for managing it. – John Conde Feb 25 '14 at 13:44
  • phpmyadmin is just a GUI – ggdx Feb 25 '14 at 13:45
  • Also, use mysqli_ for the connection and actions, the mysql_ way is deprecated. – Stephen Corcoran Feb 25 '14 at 13:46
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 25 '14 at 13:50
  • Its funny to see that all the answers warn about the use of mysql_* functions but keep displaying the code with mysql_* functions. – Tomás Feb 25 '14 at 13:56

2 Answers2

2

Use mysql_error() to get the error message related to your query:

$objQuery = mysql_query($strSQL);
if($objQuery) {
    echo "Save Done.";
} else {
    echo "Error Save [".$strSQL."]" . mysql_error();
}

FYI, mysql_* functions shouldn't be used in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

You are also wide open to SQL injections

Zoe
  • 27,060
  • 21
  • 118
  • 148
John Conde
  • 217,595
  • 99
  • 455
  • 496
0

Use something like this:

$mysqli = new mysqli('localhost', 'root', 'pw', 'se');

$email        = $mysqli -> real_escape_string($_POST['email']);
$password     = $mysqli -> real_escape_string($_POST['txtPassword']);
$textUsername = $mysqli -> real_escape_string($_POST['txtUsername']);

$sql = "INSERT INTO client (User_ID, User_Name, User_Pass, Name, Status) VALUES (3, '".$email."', '".$password."', '".$textUsername."', 'USER')";
$result= $mysqli -> query($sql);
$num   = $mysqli -> affected_rows;

if($num == 1){
   echo 'Inserted OK!';
}else{
   echo $mysqli -> error;
}

$mysqli->close();

You should always make sure that your SQL inserts / updates are properly escaped as this can cause vulnerabilities (SQL Injection). Another method of doing the above is by using prepared statements.

Finally:

mysql_* functions shouldn't be used in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Zoe
  • 27,060
  • 21
  • 118
  • 148
ajtrichards
  • 29,723
  • 13
  • 94
  • 101