lukec19834 Posted March 22, 2014

config.php page

<?php
$localhost ="localhost";
$dbuser = "userxx"; // not real passwords !
$dbpassword = " xxxx";
$dbname = "xxxxxxx";
$connect = mysql_connect ($localhost,$dbuser,$dbpassword);
mysql_select_db ($dbname,$connect);
?>

----------------------------------------------------------------------

registration.php page

<?php
if (isset ($_POST['submit'])){
include_once ('config.php'); }
$name = $_POST['name'];
$lname = $_POST['lname'];
$uname = $_POST['uname'];
$email = $_POST['email'];
$pword = $_POST ['pword'];
$insert = ('INSERT INTO users (name,lname,uname,email,pword) VALUES('$name','$lname','$uname','$email','$pword')'); // I have tried a lot of different ways for the INSERT INTO and VALUE functions.
mysql_query ($insert);
?>

// I am a newbie at this, just trying to get the basics to work. any advice would help, thanks !

mac_gyver Posted March 22, 2014

the actual mysql syntax of your query statement is correct. however, in the php context where it is at, it is throwing a php syntax error due to the use of the initial and final single-quotes around the php string and the single-quotes within the string. it's generally best to use initial and final double-quotes when building a query statement using php -

$insert = "INSERT INTO users (name,lname,uname,email,pword) VALUES ('$name','$lname','$uname','$email','$pword')";

several points about the code you posted -

1) if you weren't getting a php parse/syntax error from that code, you need to set php's error_reporting to E_ALL and display_errors to ON in your php.ini on your development system so that php will help you by reporting and displaying all the errors it detects. stop and start your web server to get any changes to the php.ini to take effect.

2) the only part of that code that is inside the if (isset ($_POST['submit'])){ ... } form processing logic is the include_once() statement. you need to move the closing } to the end of the form processing logic so that the form processing logic will only be executed when the form has been submitted. the current code will attempt to form and run the insert query any time it gets requested, even when a form has not been submitted.

3) you need to validate all form data before using it, i.e. you should not even run the insert query unless you know the data you have put into it was an expected value/data type.

4) you should be hashing your passwords to protect your users' information, see this link - http://www.php.net/manual/en/book.password.php (if you are not using the latest version of php that contains the functions mentioned at that link, you can find equivalent user written functions here - https://github.com/ircmaxell/password_compat ).

5) you need to escape all string data being put into a query or use prepared query statements (prepared queries require using mysqli or PDO database functions) to prevent query errors and to prevent sql injection.

6) you need to ALWAYS test your mysql statements for errors. the connect(), select_db(), and query() statements can fail due to errors. your code should test for these (the statements return FALSE values) and you should both prevent the remainder of the code from producing follow-on errors and your code should let you know that an error occurred and provide useful information about the error. during development, ALL the error information should be displayed to help you. when you put your code on a live server, verbose error information should be logged to help you and you should output some type of informational message to the user to alert them that the web site isn't going to function.

7) lastly, since you are just learning to use database statements, the mysql_ functions are deprecated and should not be used for any new code or any learning. see this link - http://www.php.net/manual/en/mysqlinfo.api.choosing.php
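
Points 3 to 6 of the reply above put together in one form handler, as an added example that is not code from either poster. It uses PDO, one of the two APIs the reply names; register_user() is a hypothetical helper, the sample values are constructed, and an in-memory SQLite database stands in for the MySQL server so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// original post; register_user() and the SQLite stand-in are assumptions.
declare(strict_types=1);

function register_user(PDO $pdo, array $post): array
{
    $errors = [];
    $fields = [];
    // point 3: validate every field before it goes anywhere near the query
    foreach (['name', 'lname', 'uname', 'email', 'pword'] as $key) {
        $value = $post[$key] ?? '';
        $value = is_string($value) ? $value : '';   // reject array input
        $fields[$key] = $key === 'pword' ? $value : trim($value);
        if ($fields[$key] === '') {
            $errors[] = "$key is required";
        }
    }
    if ($fields['email'] !== '' && filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if ($errors) {
        return $errors;   // the insert is never attempted with bad data
    }
    // point 4: store a salted hash, never the password itself
    $fields['pword'] = password_hash($fields['pword'], PASSWORD_DEFAULT);
    try {
        // point 5: placeholders keep the form data out of the sql text
        $stmt = $pdo->prepare(
            'INSERT INTO users (name, lname, uname, email, pword)
             VALUES (:name, :lname, :uname, :email, :pword)'
        );
        $stmt->execute($fields);
    } catch (PDOException $e) {
        // point 6: log the detail, give the visitor a generic message
        error_log('registration insert failed: ' . $e->getMessage());
        return ['registration is unavailable right now'];
    }
    return [];
}

// constructed demo data and database
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, lname TEXT, uname TEXT UNIQUE, email TEXT, pword TEXT)');
$post = ['name' => 'Luke', 'lname' => "O'Brien", 'uname' => 'luke',
         'email' => 'luke@example.com', 'pword' => 'constructed-sample-pw'];
var_dump(register_user($pdo, $post));             // complete submission
var_dump(register_user($pdo, ['uname' => 'x']));  // incomplete submission
$row = $pdo->query('SELECT lname, pword FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['lname'], password_verify('constructed-sample-pw', $row['pword']));
```

Against MySQL only the DSN changes (a `mysql:host=...;dbname=...` string with the credentials from config.php); at login, password_verify() compares the submitted password with the stored hash.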