PHP MySQL Cannot use "INSERT INTO"

Question

I have created a webpage named Register.php which should insert data into my database. The problem with this is that the registration page works but then when I try to log in the information was not added into my database is there anything that I did wrong that I cannot find?

<?php
    echo "<h1>Register</h1>";
    $submit = $_POST['submit'];
    //form data
    $FullName = strip_tags($_POST['FullName']);
    $UserName = strip_tags($_POST['UserName']);
    $Password = strip_tags($_POST['Password']);
    $RepeatPassword = strip_tags($_POST['RepeatPassword']);
    if ($submit)
    {   
        //open database
        $connect = mysql_connect("localhost","root","");
        mysql_select_db("cs266db_db1");

        $namecheck = mysql_query("SELECT UserName FROM user_ID WHERE UserName='$UserName'");
        $count = mysql_num_rows($namecheck);
        if ($count!=0)
        {
            die("UserName already taken");
        }       
        //check for existence
        if($FullName&&$UserName&&$Password&&$RepeatPassword)
        {        
            //check password and repeat password match
            if($Password==$RepeatPassword)
            {         
                //check length of username and fullname
                if (strlen($UserName) > 25 || strlen($FullName)>25)
                {
                    echo "Length of username or fullname is over 25 characters!";
                }
                else {
                   //check password
                   if(strlen($Password)>25 || strlen($Password) < 6) {
                     echo "Password must be between 6 and 25 characters";
                   } else {              
                        //encrypt password
                        $Password = md5($Password);
                        $RepeatPassword = md5($RepeatPassword);                              
                        $queryreg = mysql_query("INSERT INTO user_id VALUES (FullName='".$FullName."',UserName='".$UserName."',Password='".$Password."'");             
                    }
                   die("You have been registered <a href='index1.php'> Return to Login Page </a>");          
                }           
            }
            else{
                echo "Your passwords do not match";
            }        
        } else {
           echo "Please fill in all fields!";    
        }  
    }
?>

<html>    
<form action="register.php" method="POST">
<table>
    <tr>
        <td>
            Your full name:
        </td>
        <td>
            <input type="text" name="FullName" value="<?php echo $FullName ?>">
        </td>
    </tr>
    <tr>
        <td>
            Choose a username:
        </td>
        <td>
            <input type="text" name="UserName" value="<?php echo $UserName ?>"> 
        </td>
    </tr>
    <tr>
        <td>
            Choose a password:
        </td>
        <td>
            <input type="password" name="Password">
        </td>
    </tr>
    <tr>
        <td>
            Repeat your password:
        </td>
        <td>
            <input type="password" name="RepeatPassword">
        </td>
    </tr>
</table>        
  <br>
   <input type="submit" name="submit" value="Register">                
</form>    
</html>

Im getting an error of this as well(I am running on netbeans):

Notice: Undefined index: submit in C:\Xampp\htdocs\Resume_DB\register.php on line 4 Notice: Undefined index: FullName in C:\Xampp\htdocs\Resume_DB\register.php on line 7 Notice: Undefined index: UserName in C:\Xampp\htdocs\Resume_DB\register.php on line 8 Notice: Undefined index: Password in C:\Xampp\htdocs\Resume_DB\register.php on line 9 Notice: Undefined index: RepeatPassword in C:\Xampp\htdocs\Resume_DB\register.php on line 10

Does this have to do with my problem of insertion? If so can you help! Please and thank you!

**WARNING**: If you're just learning PHP, please, do not learn the obsolete [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It's awful and has been removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) helps explain best practices. Your user parameters are **not** [properly escaped](http://bobby-tables.com/php) and you have severe [SQL injection bugs](http://bobby-tables.com/) here. — tadman, Apr 19 '16 at 03:22
**WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.2/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and never store passwords as plain-text. — tadman, Apr 19 '16 at 03:22
It's sort of good that this isn't working because if it was working it would do the exact opposite of what you intend: Instead of locking people out of your system with a password it lets anyone take over your system completely and get whatever they want out of your database. — tadman, Apr 19 '16 at 03:27

score 0 · Answer 1 · answered Apr 19 '16 at 04:53

I don't think the the way you run the insert is even valid in MySql, I just tried it on my MySql on wamp and the line does not return error but all the values that are been insert are NULL I'm talking about this line

insert into tmp_table values (`field_1`='value_1', `field_2`='value_2', `field_3`='value_3' ...)

Do you get empty rows in your DB or no rows at all ?

PHP MySQL Cannot use "INSERT INTO"

1 Answers1