[NemY]

I'm new to PHP and would like some assistance. I used a tutorial to make a login system, but it didn't come with a register. So I decided to make this myself, I got a small bit of code given to me.

<?PHP

	$user_name = "root";
	$password = "";
	$database = "login";
	$server = "localhost";

$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
$name = $_POST['name'];
$passworda = $_POST['password'];

if ($db_found) {

	$SQL = "INSERT INTO `members` VALUES (1000, $name, $passworda)";

$result = mysql_query($SQL);

mysql_close($db_handle);

print "Records added to the database";
}
else {
print "Database NOT Found ";
mysql_close($db_handle);
}

?>

It says "Recoreds added to the database", but it doesn't add them. Why and how would I fix this?

Thanks, NemY.

Also, sorry if i've missed any details out. I'm not quite sure what you would need in order to fix this.

This post has been edited by NemY: 27 January 2010 - 08:40 AM

[JackOfAllTrades]

name and password are string variables, so you need to surround the values in quotes in the query.

$SQL = "INSERT INTO `members` VALUES (1000, '$name', '$passworda')";

Also, you can make sure that it worked by checking the return value of the mysql_query() call:

if ($result) {
   echo "Successfully added record";
} else {
   echo "Failed adding record to DB. Query was $SQL, error was " . mysql_error();
}

[CTphpnwb]

For testing, try using:

$result = mysql_query($SQL) or die(mysql_error());

More importantly, never trust the user. The code you're using is setting you up for an sql injection attack.

[NemY]

Thank you very much. It works now.

Also, would this work?

$query = mysql_query("SELECT * FROM student");
$number=mysql_num_rows($query);
$actnumber = $number + 1


Edit:


You mean sanitation? Sorry, I'm new to MySQL and PHP. Could you possibly explain what it is?

This post has been edited by NemY: 27 January 2010 - 08:52 AM

[CTphpnwb]

http://tinyurl.com/dhxhf4