CODEWITHSUNDEEP
phpmysql
Blake Cothran
Blake Cothran

Reputation: 5

Data not Inserting into Database and no error

I have a problem...

Im trying to take data inserted into my html5 form and insert it into a database. Now i have the form made along with a script that should be working; instead there is no data being inserted into the database and there is no error showing. Please help.

form.php

<form name="loginForm" method="post" action="process.php">
<input id="username" type="text" placeholder="Username" name="username">
<input id="password" type="password" placeholder="Password" name="password">
<input type="submit" id="Login" class="form-control" value="Log In">
</form>

process.php

<?
$username=$_POST['username'];
$password=$_POST['password'];
mysql_connect("localhost", "root", "toor") or die(mysql_error());
mysql_select_db("formd") or die(mysql_error());  mysql_query("INSERT INTO `data` VALUES ('$username', '$password')");
Print "Your information has been successfully added to the database.";
?>

Now i know this isnt a secure way to store passwords or usernames but this isnt for any website really i just wanna know how to take information from my form and store it into a database.

Upvotes: 0

Views: 11938

Answers (2)

Birdy
Birdy

Reputation: 773

Im still learning the very basics myself, i have not tested this and just snipped it out of a very long sql script i have so it may work and may not, hopefully it does help you out.. if not take a look at the link below the code. Hope it works for you or may need a little tweak. Thanks

    <?php
if (isset($_POST['submit'])) {

$submit         = $_POST['submit'];
$username     = $_POST['username'];
$password     = $_POST['password'];

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'toor';
$conn   = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$conn) {
    die('Could not connect: '.mysql_error());
}

$sql = "INSERT INTO data (username','password')
              VALUES('$username','$password')";

mysql_select_db('formd');
$retval = mysql_query($sql, $conn);
if (!$retval) {
    die('Could not enter your data: '.mysql_error());
}
echo "Entered your dara successfully\n";
mysql_close($conn);
} else {
    echo "Something has gone wrong.";
}

?>

Alternative link to take a look at: http://www.jotform.com/help/126-How-to-send-Submissions-to-Your-MySQL-Database-Using-PHP

Upvotes: 0

VolkerK
VolkerK

Reputation: 96189

You've added minimal error handling to all mysql functions call but the one involved in the actual query....

The script is also prone to sql injections.

The mysql_* extension is mared as deprecated, better pick another mysql extension.

<?php
$mysql = mysql_connect("localhost", "root", "toor")
  or die(mysql_error());
mysql_select_db("formd", $mysql)
  or die(mysql_error($mysql)); 

$username=mysql_real_escape_string($_POST['username'], $mysql);
$password=mysql_real_escape_string($_POST['password'], $mysql);

mysql_query("INSERT INTO `data` VALUES ('$username', '$password')", $mysql)
  or die(mysql_error($mysql));
echo "Your information has been successfully added to the database.";

using or die(mysql_error()) can lead to Information Leakage issues

Upvotes: 2

Related Questions