PHP to insert values into SQL table

Question

So I am having this issue where i am getting the values from the POST, but when the insert query runs nothing is showing in the database, but I am getting no errors and the echos work. Here is my files:

config.php:

<?php

$host = "000webhost.com";
$user = "a9257*****";
$pass = "*****";
$db = "a9257*****";

$connect = mysql_connect($host, $user, $pass);
mysql_select_db($db, $connect);

?>

Here is my submit.php:

<?php

include "config.php";

$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);

$insert = 'INSERT INTO tblUsers (userFirstName, userLastName, userEmail, userPassword) VALUES("'.$fname.'","'.$lname.'""'.$email.'","'.$pass.'")';

mysql_query($insert);

echo $fname;
echo $lname;
echo $email;
echo $pass;

?>

Any help will be much obliged.

Answer 1

$insert = 'INSERT INTO tblUsers (userFirstName, userLastName, userEmail, userPassword) VALUES("'.$fname.'","'.$lname.'","'.$email.'","'.$pass.'")';

You forgot a comma "'.$lname.'"HERE"'.$email.'"

Edit: escape your variables or your database will get hacked (will, not if ;) )

Answer 2

You get no errors because you are not asking MySQL to give them to you!

Change this line:

mysql_query($insert);

into this version:

mysql_query($insert, $connect) or die("MySQL error:". mysql_error($connect));

Let us know the error, or fix it directly yourself.

AND PLEASE ADD ESCAPING! All your values allow for SQL injection attacks!

And please do not use MD5 for password hashing! Starting at PHP 5.5 there are easy to use password hashing functions, that also have been backported to PHP 5.3.6. Please include this simple library: https://github.com/ircmaxell/password_compat