-2

I have a php "verifyconect.php" script which has my connection to the server. When I fill out my form page it is meant to write the data to the MySQL database but it does not do this. I have also changed the hostname to "localhost" although this is being hosted on the web. I inputted the server hostname which works with my FTP software but no change occurs. Please what am I getting wrong.

verifyconect.php

<?php
$link = mysql_connect ("hostname", "###", "###");
      mysql_select_db ("dbtable", $link);
?>

VerifyLogin.php

<?php
include("verifyconect.php");
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];

$insert = 'INSERT INTO verifytable (username, email, password, confirm_password) VALUES ("'.$username.'", "'.$email.'", "'.$password.'", "'.$confirm_password.'")';

mysql_query($insert);
?>
Gerald Schneider
  • 17,416
  • 9
  • 60
  • 78
user3688398
  • 3
  • 1
  • which kind of error r u facing ? – SagarPPanchal May 30 '14 at 09:33
  • add "print mysql_error();" after "mysql_query($insert);" and post what you get. – snitch182 May 30 '14 at 09:35
  • try $link = mysql_connect('localhost', 'mysql_user', 'mysql_password'); if (!$link) { die('Could not connect: ' . mysql_error()); } – Rakesh Sharma May 30 '14 at 09:36
  • word of advice .. never do something like this ->"'.$username.'"<- in the wild(=live) .. always ...always ...always! use "'.mysql_real_escape_string($username).'" or you will be hacked in no time ... – snitch182 May 30 '14 at 09:38
  • phpMyAdmin is a software which allows you to manage databases, but the table is created within MySQL server. **What error do you get?** ([enable error reporting](http://blog.flowl.info/2013/enable-display-php-errors/) + `echo mysql_error();`) – Daniel W. May 30 '14 at 09:43
  • Keep in mind, all mysql_ functions have been deprecated, mysql_connect as an example: http://us3.php.net/manual/en/function.mysql-connect.php. You ought to be using mysqli_* functions moving forward. – Jason May 30 '14 at 10:18

1 Answers1

0

You are switching up the single and double quotes.

Suppose

username = john
email = john@example.com
password = hell0w0rld
confirm = hell0w0rld

then the query will be this:

INSERT INTO verifytable (username, email, password, confirm_password) VALUES ("john", "john@example.com", "hell0world", "hell0w0rld")

Using double quotes in SQL queries give a syntax error. To use literal values in SQL queries, you must use single quotes.

So if you rewrite the line with your $insert variable to the following:

$insert = "INSERT INTO verifytable (`username`, `email`, `password`, `confirm_password`) VALUES ('".$username."', '".$email."', '".$password."', '".$confirm_password."')";

you will be good.

Also note that I surrounded the SQL table column names with backticks, so if you use a keyword (like password) as column name, it won't give syntax errors.

Update

It seems that in some cases using double quotes for (literal) values to insert into a SQL table, sometimes will work too. However, according to this answer, you better stick to single quotes.

Community
  • 1
  • 1
MC Emperor
  • 22,334
  • 15
  • 80
  • 130
  • Could you elaborate on this please `Using double quotes in SQL queries give a syntax error` I seem to be missing something here – asprin May 30 '14 at 09:57
  • @asprin When you take a look at the query stored in the PHP variable `$insert`, then you see that the OP uses single quotes around a PHP string literal, and double quotes in his SQL query. So the query `INSERT INTO test (email) VALUES ("john@example.com")` (with the double quotes) is not valid, it gives an error: `Unknown column 'john@example.com' in 'field list'`. Replace the double quotes by single quotes like this: `INSERT INTO test (email) VALUES ('john@example.com')` and the error is gone. – MC Emperor May 30 '14 at 10:54