posting form data into sql database?

[Kez323]

Hey,

 

Im new to PHP and am trying to make a simple form where it puts the form data into a table called "users"

 

This is the form:

<p><form method="post" action="register.php">
<table border="0" align="center">
<tr>
<td>Username</td><td><input type="text" name="username" size="15" >
</tr>
<br />
<tr>
<td>Password</td><td><input name="password" type="password" size="15"></td>
</tr>
<br />
<td><input type="submit" value="Sign Up"/></td><td></td>
</table>

 

This is the php code:

<?php
$dbhost  = '';
$dbname  = '';
$dbuser  = '';
$dbpass  = ''; 

mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname);

$order = "INSERT INTO users
			(username, password)
			VALUES
			('$username',
			'$password')";


$result = mysql_query($order);
if($result){
	echo("<br>It Worked!");
} else{
	echo("<br>It Failed!");
}
?>

 

 

But when i upload it to the server and try it, it says there was a entry but its blank.....

When i upload it to a server and try it, it automaticly seems to post the data to the database before i even enter a username/password!

 

when i type a username/password in and post it again it says there was another entry but its blank.....

 

any help?

 

- Thanks!

[Barand]

echo $order;

 

to see what the query looks like

 

You missed out a couple of lines before the query. You need to get the POSTed data and sanitize it.

 

$username = mysql_real_escape_string($_POST['username'];
$password= mysql_real_escape_string($_POST['password'];

Edited March 8, 2013 by Barand

[Kez323]

Oh!

 

Thanks