Table is not getting updated through mysqli_query insert

Question

Below is my html form:

<html>
    <head>
        <title>
             Registration
        </title>
   </head>
   <body>
     <form action="backreg.php" method="post">
          user id:<input type="text" name="rid"><br>
          fname:<input type="text" name="rname"><br>
          gender:
          <select name="rgen">
              <option value="male">male</option>
              <option value="female">female</option>
          </select><br>
          dob:<input type="text" name="rdob"><br>
          mobile:<input type="text" name="rmob"><br>
          PASSWORD:<input type="password" name="rpwd">
          <input type="submit" name="rsubmit" value="register">
     </form>

     <a href="index2.php" >already registered ?</a >
   </body>
</html>

The corresponding php code (backreg.php) to capture the values entered in the above form is below:

<?php
$conn = mysqli_connect("localhost", 'root', '', 'manideep_db');
if(isset($_POST['rsubmit'] ))
{
$id=$_POST['rid'];
$name=$_POST['rname'];
$gender=$_POST['rgen'];
$dob=$_POST['rdob'];
$mobile=$_POST['rmob'];
$password=$_POST['rpwd'];
$run=mysqli_query($conn, "INSERT INTO `table_1` (`rid`, `rname`, `rgen`, `rdob`,'rmob','rpwd')VALUES ('$id', '$name', '$gender', '$dob','$mobile','$password')");
if($run)
{
  header('Location: index2.php');
}
echo "error";
}
?>

manideep_db is my database name. table_1 is a table inside the db which contains the id, name, dob, gender, mobile and password fields. After filling the form and submitting, I'm getting output error instead of page getting redirected to index2.php. Please suggest what is going wrong in my code? Thanks.

Firstly, **don't** store passwords in plain text, use [password_hash()](http://php.net/manual/en/function.password-hash.php) and secondly, you're wide open to [SQL injection attacks](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). You'll also find it more useful, while debugging, to actually output *what* the error is (using [mysqli_error()](http://php.net/manual/en/mysqli.error.php)) rather than just the word "error". You might also want to add `die()` just after that `header()`. — CD001, Jul 13 '18 at 12:59
rid field is not of auto increment type. Do I have to change it? — Manideep Reddy N, Jul 13 '18 at 14:18
I have used mysqli_error and it has displayed this message Errormessage: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''rmob','rpwd') VALUES ('15', 'mani', 'male', '22-06-1995','' at line 1 — Manideep Reddy N, Jul 13 '18 at 15:01
It helped. Thank you so much for your inputs. mysqli_error() did a great help. — Manideep Reddy N, Jul 14 '18 at 06:48

Table is not getting updated through mysqli_query insert

0 Answers0