a query is inserted from PHPMYAdmin but not from PHP

Question

i'm writing a php code to insert form values in a forum values

$dbServer = mysql_connect("localhost" , "root", "") ; 
if(!$dbServer) die ("Unable to connect");
mysql_select_db("kfumWonder");
$name= $_POST['name'] ; 
$password= md5($_POST['password']); 
$email= $_POST['email'] ; 
$major= $_POST['major'] ; 
$dateOfBirth=$_POST['dateOfBirth'] ; 
$webSite = $_POST['website']; 
$joinDate= date("Y m d") ;

$query = "INSERT INTO user (name, password, email, major, dob, website, join_date)
          Values ('$name', '$password', '$email', '$major', '$dateOfBirth',
                  '$webSite' , '$joinDate')" ; 

//echo $query ; 
$result = mysql_query($query) ;

if (! $result ) 
 echo " no results "  ;

this works perfectly fine when i took the printed query and run it in PHPMyAdmin but when i run this code nothing happens

Also, your code is vulnerable to SQL injection, you should fix that before going live: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php — Pekka, Jan 13 '11 at 11:47
nobody knows really, why YOUR code being run on YOUR server, is going wrong — Your Common Sense, Jan 13 '11 at 11:48
so, you have to ask your server, not stackoverflow fellows. `$result = mysql_query($query) or trigger_error(mysql_query()." ".$query);` — Your Common Sense, Jan 13 '11 at 11:49
$result = mysql_query($query) or die(mysql_error()) ; and see what error — Shakti Singh, Jan 13 '11 at 11:50
Don't ever connect to your database as the root user. Create a limited privileges account for the web-facing stuff and reserve the root account for actual hands-on things when necessary. Running as root is highly dangerous. — Marc B, Jan 13 '11 at 15:16

dqhendricks · Answer 1 · 2011-01-16T18:56:31.993

1

Your POST vars need to be escaped if you do not have magic quotes on like this mysql_real_escape_string($_POST['blah']). Even if magic quotes is on, you should strip slashes, or turn off magic quotes in the cofig, and re-escape them with mysql_real_escape_string. Or use PDO to do database entries as it handles this for you.

Also, to see what your errors are, you could call your query like this:

if (!$result = mysql_query($query)) echo mysql_error();

edited Jan 16 '11 at 18:56

answered Jan 13 '11 at 16:51

dqhendricks

19,030
11
50
83

About #1, SQL is a case insensitive language. – shamittomar Jan 16 '11 at 14:56

a query is inserted from PHPMYAdmin but not from PHP

1 Answers1