Codeigniter not adding user to database

Question

I tried to add a user to my database with only the first_name, last_name, username, email, and password and it works.

However, when I try to add a user with other values, like $IP and stuff, it doesn't work. It simply says

"A Database Error Occurred"

My code in model_user.php

public function insert_user() {

    $first_name = $this->input->post('first_name');
    $last_name = $this->input->post('last_name');
    $username = $this->input->post('username');
    $email = $this->input->post('email');
    $password = $this->input->post('password');
    $IP = "2";
    $total_entry = 1;
    $average_entry = 1;
    $date_of_registration = date("Y-m-d H:i:s");
    $lastactive = date("Y-m-d H:i:s");
    $user_level = 2;
    $account_state = "Active";

//insert data into database. SQL Injection bypass
     $sql = "INSERT INTO users (first_name, last_name, username, email, password, IP, total_entry, average_entry, date_of_registration, lastactive, user_level, account_state )
    VALUES (" . $this->db->escape($first_name) . ",
             " . $this->db->escape($last_name) . ",
             " . $this->db->escape($username) . ",
             '" . $email . "',
             '" . $password . "'
             '" . $IP . "'
             '" . $total_entry . "'
             '" . $average_entry . "'
             '" . $date_of_registration . "'
             '" . $lastactive . "'
             '" . $user_level . "'
             '" . $account_state . "')"; 



$result = $this->db->query($sql);

The code above doesn't work at all. However, when I comment out a few things it works. This code works, after commenting a few things:

//insert data into database. SQL Injection bypass
     $sql = "INSERT INTO users (first_name, last_name, username, email, password)
    VALUES (" . $this->db->escape($first_name) . ",
             " . $this->db->escape($last_name) . ",
             " . $this->db->escape($username) . ",
             '" . $email . "',
             '" . $password . "')"; 

        /*   '" . $IP . "'
             '" . $total_entry . "'
             '" . $average_entry . "'
             '" . $date_of_registration . "'
             '" . $lastactive . "'
             '" . $user_level . "'
             '" . $account_state . "')";  */

With the code above, the user is successfully registered. I don't know what I'm doing wrong.

Answer 1

This error might appear because you are missing the commas after attributes "password", "IP", "total_entry" etc. It explains why the code works when you comment these attributes.

Answer 2

Why don't you use active record ? You will drastically reduce the risk of mistake.

$data = array(
      'first_name' => $first_name ,
      'last_name' => $last_name ,
      'username' => $username,
      'email' => $email,
      'password' => $password,
      'IP' => $IP,
      'total_entry' => $total_entry,
      'average_entry' => $average_entry,
      'date_of_registration' => $date_of_registration,
      'lastactive' => $lastactive,
      'user_level' => $user_level,
      'account_state' => $account_state
);
 $this->db->insert('tablename', $data);

On a side note, You should separate your database calls in Models and the process after the submit

Controller:

$data = array(
      'first_name' => $this->input->post('first_name'),
        /*other fields here */
);

$this->my_model->insert_user($data);

Model :

function insert_user($data) 
{
     $this->db->insert("table", $data);
}

More details here : http://www.codeigniter.com/user_guide/database/active_record.html#insert