Can't insert into a database with PHP

Question

For learning purposes, I am creating a password manager on my local system. However there is a problem when it comes to inserting data into the database and I'm not sure why it isn't working.

My entire document can be the found below.

<?php

    $user = 'root';
    $pass = '';
    $db   = 'accounts';
    $server = 'localhost';

    $db_handle = mysql_connect($server, $user, $pass);

    if (!$db_handle) {
        echo "Unable to connect to DB: " . mysql_error();
        exit;
    }

    $db_found = mysql_select_db($db, $db_handle);

    if ($db_found) {

        if (isset($_POST['type'])) {
            $getOrSet = $_POST['type'];
            $site = $_POST['site'];
            $login = $_POST['login'];
            if ($getOrSet == 'get') {
                $pass = mysql_fetch_assoc(mysql_query("SELECT password FROM manager WHERE site = '$site' AND username = '$login'"))['password'];
            } else if ($getOrSet == 'set') {
                $url = $_POST['url'];
                $pass = $_POST['pass'];
                mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login' '$pass')");
            }
        }

    } else {
        echo "Unable to select database: " . mysql_error();
    }
    mysql_close($db_handle);

?>

<!doctype html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Document</title>
        <style>
            #left,#right{width:50%;margin:0;padding:0;float:left;text-align:center}
            form{width:300px;margin:0 auto}
            label{width:300px;display:block;line-height:1.65em}
            input{float:right}
            #pass{width:300px}
            #pass>span{float:right}
        </style>
    </head>
    <body>
        <h1>Password Manager</h1>
        <div id="left">
            <h2>Get Password</h2>
            <form action="index.php" method="post">
                <label>Site: <input type="text" name="site" /></label>
                <label>Email/Username: <input type="text" name="login" /></label>
                <input type="hidden" name="type" value="get" />
                <?php if(isset($_POST['type'])){if ($getOrSet == 'get') {echo "<span id=\"pass\">Password: <span>$pass</span></span>";}} ?>
                <input type="submit" value="Submit" />
            </form>
        </div>
        <div id="right">
            <h2>Set Password</h2>
            <form action="index.php" method="post">
                <label>Site: <input type="text" name="site" /></label>
                <label>URL: <input type="text" name="url" /></label>
                <label>Email/Username: <input type="text" name="login" /></label>
                <label>Password: <input type="password" name="pass" /></label>
                <input type="hidden" name="type" value="set" />
                <input type="submit" value="Submit" />
            </form>
        </div>
    </body>
</html>

Can someone please tell me why this code doesn't work?

mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login' '$pass')");

Answer 1

use escapes before insert like

$site = mysql_real_escape_string($site);
$url = mysql_real_escape_string($url);
$login = mysql_real_escape_string($login);
$pass = mysql_real_escape_string($pass);

// now insert 

mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login', '$pass')");

Note : mysql_* is deprecated. use mysqli_* or PDO

Answer 2

The problem is that there is a missing , after '$login' so

mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login' '$pass')");

should have been

mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login', '$pass')")