PHP Insertion of data

Question

I'm having a problem in inserting data to my database. I don't have any clues what's the error.

Here's my index:

<form id="myForm" action="insert.php" method="post">
    Name: <input type="text" name="name"/><br/>
    Username: <input type="text" name="username"/><br/>
    Password: <input type="password" name="password"/><br/>
    <button id="sub">Save</button>
</form>

<span id="result"></span>

And here's my insert.php:

include_once('db.php');

$name = $_POST['name'];
$username = $_POST['username'];
$password = $_POST['password'];

if(mysql_query("INSERT INTO table_users VALUES('$name', '$username', '$password')")){
    echo "Successfully Inserted";
} else {
    echo "Insertion Failed";
}

And my db.php:

$conn = mysql_connect('localhost', 'root', '');
$db = mysql_select_db('neverstoplearning');

Your code is open to [SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) (which is likely why your query is failing) and you need to [stop using mysql_ functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) — Machavity, Feb 29 '16 at 15:38
@Typoheads there's no error, it's just returning "Insertion Failed" — Karlaxis, Feb 29 '16 at 15:38
I would look at the following links; http://stackoverflow.com/questions/548986/mysql-vs-mysqli-when-using-php, http://stackoverflow.com/questions/13569/mysqli-or-pdo-what-are-the-pros-and-cons and very very importantly https://www.owasp.org/index.php/SQL_Injection — Garry Welding, Feb 29 '16 at 15:39
@Karlaxis because these function are deprecated. Use mysqli_* instead. — t.h3ads, Feb 29 '16 at 15:40
@Karlaxis You could do `echo "Insertion failed: " . mysql_error();` — Chin Leung, Feb 29 '16 at 15:42
@apokryfos Exactly sir even the table structure I already check them. — Karlaxis, Feb 29 '16 at 15:42
To both your lines in `db.php`, add `or die(mysql_error());` behind them. In your other files, take a look at [`error_reporting(E_ALL);`](http://php.net/manual/en/function.error-reporting.php) [`ini_set('display_errors', 1);`](http://php.net/manual/en/function.ini-set.php) and add that to your code. You should also take a close look at your table, making sure that the names and types are correct. — Qirel, Feb 29 '16 at 15:44
@Typoheads it returns "Column count doesn't match value count at row 1". I have 4 column in my table the id (which is auto-increment), name, username and password also. — Karlaxis, Feb 29 '16 at 15:44
@Karlaxis If your table has 4 columns you need to provide 4 values OR 3 column names with 3 values. — apokryfos, Feb 29 '16 at 15:46
@CodeGodie Yes sir, the id column is INT then the rest is VARCHAR any problem with that? — Karlaxis, Feb 29 '16 at 15:46
@Karlaxis Then your issue is that you're trying to insert `$name` where the ID should be. Change your query to something like `"INSERT INTO table_users (\`name\`, \`username\`, \`password\`) VALUES ('$name', '$username', '$password')"` — Qirel, Feb 29 '16 at 15:48
i've change my code to: mysql_query("INSERT INTO table_users (name, username, password) VALUES('$name', '$username', '$password')") from: mysql_query("INSERT INTO table_users VALUES('$name', '$username', '$password')"); and now it's perfectly fine. Thanks to all the response! You guys rocks! — Karlaxis, Feb 29 '16 at 15:49
As a side-note, `` shouldn't actually submit the form unless you use some funky JavaScript. You'll need a `type="submit"` for that. ;-) — Qirel, Feb 29 '16 at 15:50
@Karlaxis `name` is a reserved word in SQL, so you should use backticks around it: `\`name\`` :-) See https://dev.mysql.com/doc/refman/5.7/en/keywords.html — Qirel, Feb 29 '16 at 15:51
@Qirel Okay sir i'll take note of that thanks again! cheers!! — Karlaxis, Feb 29 '16 at 15:53

score 0 · Answer 1 · answered May 20 '16 at 07:05

You need to make the HTML form in a valid way like you use form but not a submit button as type submit.

HTML Form

<form id="myForm" action="insert.php" method="post">
    Name: <input type="text" name="name"/><br/>
    Username: <input type="text" name="username"/><br/>
    Password: <input type="password" name="password"/><br/>
    <input type="submit" id="sub" value="Save" name='submit_form'/>
</form>

Now when you click on he submit button its go for the page insert.php and from there you need to store your the username, name and password.

insert.php

For this part you need to follow some rules, Stay away from SQL Injection, follow what i share as a Note at the bottom. And must use a isset submit for doing all these thing.

if(isset($_POST['submit_form']){
    include_once('db.php');
    $name = $_POST['name'];
    $username = $_POST['username'];
    $password = $_POST['password'];

    // use mysqli_* and the $conn string.
    if(mysqli_query($conn, "INSERT INTO table_users VALUES('$name', '$username', '$password')")){
        echo "Successfully Inserted";
    } else {
        echo "Insertion Failed";
    }
}

Note:

For the protection of SQL Injection must use mysqli_escape_string, mysql_real_escape_string, addslashes , md5, hash. and mysql_* now Deprecated, so start use of mysqli_* or PDO.

PHP Insertion of data

1 Answers1