0

I just started using a web hosting service and I'm new to PHP and MySQL. I was trying to use the video I see here https://www.youtube.com/watch?v=gvGb5Z0yMFY as a simple recipe on adding a row to a table. I have a table called forumites in my MySQL database and it has 3 columns -- username, email and password. 

HTML form:

    <div class="boardbox hidden" id="regdiv">
        <form id="regform" action="newuser.php" method="post">
            <p>Username:<input class="threadipt" type="text" name="username"></p>
            <p>Email address:<input class="threadipt" type="text" name="email"></p>
            <p>Password:<input class="threadipt" type="text" name="password"></p>
            <button onlick="phpfunction">Create Account</button>
        </form>
     </div>

newuser.php:

<?php
    $conn = mysql_connect();
    if (!$conn)
      echo 'could not connect'; 
    $db = mysql_connect_db('forumites');
    $name = $_Post['username'];
    $em = $_Post['email'];
    $pass = $_POST['password'];
    if (!mysql_query("INSERT INTO forumes VALUES('$name','$em','$pass')"))
       echo 'Could not enter user info:';
?>

I think the part that is confusing me is the mysql_connect(...) command. In the video I'm watching, the guy writes mysql_connect('localhost', 'root', ''), but I'm not sure if he's using a web hosting service like I am. I read the W3Schools page on the command http://www.w3schools.com/php/php_mysql_connect.asp but it's not very informative.

Long story short, I'm trying to connect to the databse on my web hosting service and I'm probably doing a ton of things wrong. I was wondering if you guys could point out a few of the things I'm doing wrong.

user3537336
  • 221
  • 2
  • 9
  • 5
    [Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). **You are also wide open to [SQL injections](http://stackoverflow.com/q/60174)** – John Conde Apr 17 '14 at 20:19
  • Opinion: You should not use or link to [w3schools](http://www.w3fools.com). It's not a reliable source of information and we don't want to encourage its use. – John Conde Apr 17 '14 at 20:21
  • Here is a list of issues that clearly needs to be addressed: Sanitize your input, use mysqli instead of mysql, add your host, username and pass if you have any, and your insert statement should be `"insert into forumes (username, email, pass) values ('$name', '$em', '$pass')"` . – random21 Apr 17 '14 at 20:28

1 Answers1

0

to answer your question about 'localhost' when creating a database connection, and this applies to mysqli and PDO as well, which as John Conde commented, you should be using instead of mysql_

if your database is hosted on a computer other than your local machine, the hostname 'localhost' can be replaced either with an IP address, or with a domain address.

for example if you're on an internal network, and your database is on another computer within your network, you can use '192.168.1.15' (if the database computer's IP ends with 15, that's just an example, you need the actual IP of that machine)

if it's on a website, you can use the website, for example, if msn is hosting your database, your hostname would be www.msn.com. your host provider should have something like cpanel which provides you with that sort of information

Jeff Hawthorne
  • 568
  • 2
  • 12