Hey guys, I know that this is probably just a simple SQL statement, but I cannot figure out the problem. It adds the user to the database but it will not add the firstname of the user. If I switch the SQL statement around, for example have username and email before first name, it then does not insert the password, switches name and email. Does anyone know how to fix this problem and have all of the information inserted into the proper tables in the database?
<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<?php
$db_server = "server";
$db_username = "name";
$db_password = "pass";
$con = mysql_connect($db_server, $db_username, $db_password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$database = "Account_Holder";
$er = mysql_select_db($db_username);
if (!$er)
{
print ("Error - Could not select the database");
exit;
}
// table name
$tbl_name=Account_Holder;
// Random confirmation code
//$confirm_code=md5(uniqid(rand()));
// values sent from form
$firstName=$_POST['firstName'];
$email=$_POST['email'];
$password=$_POST['password'];
$username=$_POST['username'];
// Insert data into database
$sql="INSERT INTO $tbl_name(firstname, username, email, password)VALUES('$firstname', '$username', '$email', '$password')";
$result=mysql_query($sql);
echo "You have been added to the database! You may now log on using your username."
?>
<a href ="login.html"> Login Page </a>
</body>
</html>
Looking at your code, nothing seems wrong, except major security flaws. Perhaps you wrote some value from the $_POST array wrong. Do a print_r on the array to see the exact names.
First of all, your code is extremely vulnerable to SQL injection; you should use mysql_real_escape_string on every one of your user inputs. You can never trust any user input.
You should make your SQL look like:
I am unsure whether the omitted spaces will have any effect on the query, but it's good to have them to make it easier to read. If you're unsure about what's wrong, you should always use mysql_error to show the error, like this:
Third and last thing. You should never store passwords as plaintext in the database. For the love of god, please hash it or something 🙂
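An added example, not part of either post: the same INSERT written with PDO prepared statements and password_hash(), which are swapped in here for the mysql_* functions used above (that extension was removed in PHP 7.0). It reads the first name through one consistently spelled key, since PHP variable names are case-sensitive and the posted code assigns $firstName but interpolates $firstname. Assumptions: an in-memory SQLite database stands in for the MySQL server, the table layout is inferred from the question's INSERT, the UNIQUE constraint and the addAccount() helper are hypothetical, and $form is constructed sample input in place of $_POST.

```php
<?php
// Assumption: PDO with the sqlite driver stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
// Throw on any SQL error instead of failing silently (takes the place of mysql_error()).
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumption: column list taken from the question's INSERT; UNIQUE is hypothetical.
$pdo->exec('CREATE TABLE Account_Holder (
    firstname TEXT NOT NULL,
    username  TEXT NOT NULL UNIQUE,
    email     TEXT NOT NULL,
    password  TEXT NOT NULL
)');

function addAccount(PDO $pdo, array $form): void
{
    // Reject missing fields up front so a misspelled key or variable is
    // caught here instead of being stored as an empty column.
    foreach (['firstName', 'username', 'email', 'password'] as $key) {
        if (!isset($form[$key]) || $form[$key] === '') {
            throw new InvalidArgumentException("Missing form field: $key");
        }
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO Account_Holder (firstname, username, email, password)
         VALUES (:firstname, :username, :email, :password)'
    );
    $stmt->execute([
        ':firstname' => $form['firstName'],
        ':username'  => $form['username'],
        ':email'     => $form['email'],
        // Store a salted hash, never the plaintext password.
        ':password'  => password_hash($form['password'], PASSWORD_DEFAULT),
    ]);
}

// Constructed sample input; the apostrophe would break the concatenated query.
$form = ['firstName' => "O'Brien", 'username' => 'obrien',
         'email' => 'obrien@example.com', 'password' => 'correct horse'];
addAccount($pdo, $form);

$row = $pdo->query('SELECT * FROM Account_Holder')->fetch(PDO::FETCH_ASSOC);
echo $row['firstname'], "\n";                                  // value read back from the table
var_dump(password_verify('correct horse', $row['password']));  // how a login would check it

try {
    addAccount($pdo, $form);       // same username again violates UNIQUE
} catch (PDOException $e) {
    error_log($e->getMessage());   // details go to the log, not to the visitor
    echo "Could not create the account.\n";
}
```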