Kez323 Posted March 8, 2013 Share Posted March 8, 2013 Hey, Im new to PHP and am trying to make a simple form where it puts the form data into a table called "users" This is the form: <p><form method="post" action="register.php"> <table border="0" align="center"> <tr> <td>Username</td><td><input type="text" name="username" size="15" > </tr> <br /> <tr> <td>Password</td><td><input name="password" type="password" size="15"></td> </tr> <br /> <td><input type="submit" value="Sign Up"/></td><td></td> </table> This is the php code: <?php $dbhost = ''; $dbname = ''; $dbuser = ''; $dbpass = ''; mysql_connect($dbhost,$dbuser,$dbpass); mysql_select_db($dbname); $order = "INSERT INTO users (username, password) VALUES ('$username', '$password')"; $result = mysql_query($order); if($result){ echo("<br>It Worked!"); } else{ echo("<br>It Failed!"); } ?> But when i upload it to the server and try it, it says there was a entry but its blank..... When i upload it to a server and try it, it automaticly seems to post the data to the database before i even enter a username/password! when i type a username/password in and post it again it says there was another entry but its blank..... any help? - Thanks! Quote Link to comment Share on other sites More sharing options...
Solution Barand Posted March 8, 2013 Solution Share Posted March 8, 2013 (edited) echo $order; to see what the query looks like You missed out a couple of lines before the query. You need to get the POSTed data and sanitize it. $username = mysql_real_escape_string($_POST['username']; $password= mysql_real_escape_string($_POST['password']; Edited March 8, 2013 by Barand Quote Link to comment Share on other sites More sharing options...
Kez323 Posted March 8, 2013 Author Share Posted March 8, 2013 Oh! Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.