0

enter code hereMy php file is not posting the form on my database. I have searched in other threads, but i can't make it work. I tried everything, but I can't make it work. I am using XAMPP for hosting. Code:

<?php
$link=mysql_connect('localhost','root','');
mysql_select_DB('registro',$link);
?>
<html>
  <head>
    <meta charset="utf-8" />
    <link rel="icon" type="image/png" href="/images/icon.png" />
    <title>Insert.</title>
    <link href="estilo.css" rel="stylesheet" type="text/css" />
  </head>
  <link href="../../../../../Mis Cosas/Mis documentos/Insert/estilos/estilos.css"     rel="stylesheet" type="text/css">
  <body>
      <?php if(!$_POST) { ?>
      <h1>Registro</h1> 
      <form id="form1" name="form1" action="index.php" method="POST">
        <p>Nombre:
          <input name="nombre" type="name" class="input" placeholder="Nombre">
        </p>
        <p><BR>Apellido:
          <input name="ape" type="text" class="input" placeholder="Apellido">
        </p>
        <p>Email:    
          <input name="email" type="email" class="input" placeholder="Email">
        </p>
        <p>Tel&eacute;fono: 
          <input name="tel" type="text" class="input" placeholder="Teléfono">
        <BR>
          <input name="enviar" type="submit" class="button" value="Enviar">
        </p>
      </form>
      <?php 
      }else{
      $nombre=$_POST['nombre'];
      $apellido=$_POST['ape'];
      $email=$_POST['email'];
      $tel=$_POST['tel'];
      $sql = "INSERT INTO clientes(nombre,apellido,email,tel) VALUES('$nombre','$apellido','$email','$tel')";
      Mysql_query($sql);
      print"Done";
      }?>
  </body>
</html>
Rozu
  • 11
  • 1
  • 1
    Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` – Funk Forty Niner Jun 04 '14 at 16:03
  • Plus, I'm not entirely sure about this, but `mysql_select_DB` you may want to try changing it to `mysql_select_db` all in lower-case letters. `Mysql_query` to `mysql_query` You may also want to add `if(isset($_POST['enviar'])){...}` – Funk Forty Niner Jun 04 '14 at 16:04
  • First of all, you are using mysql_ with php which is old and vulnerable. Than you're connecting as a root which is a big mistake. On top of that you provide no validation for your input. Your database is 100% insecure at this point. – MikeWu Jun 04 '14 at 16:04
  • Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**`mysqli_*` with prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO**](http://php.net/pdo) with [**prepared statements**](http://php.net/pdo.prepared-statements). – Funk Forty Niner Jun 04 '14 at 16:14

1 Answers1

2

First problem:

Mysql_query($sql); //even though php functions are case-insensitive
^
should be lower case

Second problem: You are not escaping your data, you should use PDO or MySQLi instead. This introduces serious problems to your site like SQL Injection.

I think your problem is this that you are not escaping your variables. You are probably getting an error message like syntax error if any of your input fields contains a quote, but because of your error_reporting it might be displayed within error_log. So either use mysql_real_escape_string($postVariable); or use prepared statements.

Example with PDO:

$nombre   = $_POST['nombre'];
$apellido = $_POST['ape'];
$email    = $_POST['email'];
$tel      = $_POST['tel'];

$sql      = "INSERT INTO clientes(nombre, apellido, email, tel)  
             VALUES(:nombre, :apellido, :email, :tel)";

$stmt     = $pdoObj->prepare($sql);

$stmt->bindParam(':nombre', $nombre, \PDO::PARAM_STR);
$stmt->bindParam(':apellido', $apellido, \PDO::PARAM_STR);
$stmt->bindParam(':email', $email, \PDO::PARAM_STR);
$stmt->bindParam(':tel', $tel, \PDO::PARAM_STR);

if ($stmt->execute()) {
   echo 'DONE';
}
GGio
  • 7,563
  • 11
  • 44
  • 81
  • *"Thirs problem: Are you connecting to the database? Where is the code that connects to the database and selects database?"* --- Look at the first lines on top of OP's code. ;-) – Funk Forty Niner Jun 04 '14 at 16:21