Trouble with Database Editing through PHP (website registration page)

[WalterFarber]

I need help trying to figure out why my form won't write the database it is supposed to - i checked the connection to the database and it works and the user seems to have permission to edit database - the error I get is "Error: User not added to database." from "register.php". Can someone please look over my code and see if the problem is coming from somewhere within?

 

I created a connection file (connect.php)

<?
session_start();
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "master";
$pass = "hidden";
$db   = "user";
// This part sets up the connection to the 
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>

Then there is the php script (register.php):

<?php
session_start();
// connect.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
	require('connect.php');
    // If the values are posted, insert them into the database.
    if (isset($_POST['email']) && isset($_POST['password'])){
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
		$email = $_POST['email'];
        $password = $_POST['password'];
 
        $query = "INSERT INTO `member` (firstname, lastname, email, password) VALUES ('$firstname', '$lastname', '$email' '$password')";
        $result = mysql_query($query);
        if ( !mysql_insert_id() )
  {
  die("Error: User not added to database.");
  }
 else
  {
  // Redirect to thank you page.
  Header("Location: surveylanding_no-sidebar.html");
  }
    }
    ?>

Here is the HTML form:

<form name="htmlform" method="post" class="form" action="register.php"> 
   
    <p class="firstname"> 
        <input type="text" name="firstname" id="firstname" /> 
        <label for="firstname">First Name</label> 
    </p> 
     
    <p class="lastname"> 
        <input type="text" name="lastname" id="lastname" /> 
        <label for="lastname">Last Name</label> 
    </p> 
     
    <p class="email"> 
        <input type="email" name="email" id="email" /> 
        <label for="email">Email</label>
    </p> 
     <p class="Password"> 
        <input type="password" name="password" id="password" /> 
        <label for="password">Password</label> 
    </p> 
       
    <p class="submit"> 
        <input type="submit" value="Register"/> 
    </p> 
   
</form>

[jcbones]

Change:

 

$result = mysql_query($query);
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}

To:

if(!$result = mysql_query($query)) {
 echo 'There is trouble with: ' . $query . '<br />' . mysql_error();
}

 

When you get that sorted out, switch it all over to mysqli or PDO. Prepare those queries, and then execute them.  The way you have it now, you are looking at db injection plus a lot of other problems.
 

[WalterFarber]

I looked into using PDO and the new code i put together worked. Thanks for your help and suggestions!