PHP Code Help

[Codey]

Hello

 

I am new to PHP and am working on an exercise but is not working, the problem is that is not inserting the data in to mysql database.

 

When enter the user and password in the html page runs and give no problems, get no errors.

 

In MySQL one table created with: ID, NOMBRE, PW

 

 

Linux OS OpenSuse 13.1 / localhost

Apache 2.4.6

Database Server version 5.5.33-MariaDB

Database client version mysqlnd 5.0.10

PHPMyAdmin 4.1.14

 

Attached is a screenshot of the PHPMyAdmin table.

 

 

 

This is my index dot php

<!DOCTYPE>
 <html> 
  <head> 
  <title> Insertar Nombre Password </title> 
  </head> 
  <body>


<form action="insertar.php" method="post" name="form">


           <input type="text" name="nombre" /><br /><br />
           <input type="password" name="pw" /><br /><br />
           <input type="submit" value="insertar datos" />


</form>
</body> 
</html> 

insertar dot php

<?php


 //Include another script in this one.


 include("conexion.php");


 if(isset($_POST['nombre']) && !empty($_POST['nombre']) &&
 isset($_POST['pw']) && !empty($_POST['pw'])) 
 {


//Connect to the database


$con = mysql_connect($host,$user,$pw)or die("problemas al conectar");


mysql_select_db($db,$con)or die("problemas al conectar la bd");


mysql_query("INSERT INTO CodigoF (NOMBRE,PW) VALUES ('$_POST[nombre]','$_POST[pw]')",$con);
echo "datos insertados";


 }


 else {
  echo "problemas al insertar datos";
  }


?>

conexion dot php

<?php


$host = "localhost";
$user = "root";
$pw = "Fafa1669";
$db = "CodigoFacilito";


?>

Hope some one can guide me in the right direction, thank you.

 

[ginerjm]

Turn on php error checking and also check the results of your call to query and you would have answers.  Basically - you left off the quotes in your query statement values, which btw are not secure.

[Codey]

Thank you for the reply, I have php error checking "on", but still code does not work, have checked the quotes you mentioned but same problem persist, no error message is shown everything ok except that data is not saved in the db.

[richei]

change

mysql_query("INSERT INTO CodigoF (NOMBRE,PW) VALUES ('$_POST[nombre]','$_POST[pw]')",$con);
echo "datos insertados";

 

to

 

if(is_numeric($_POST['nombre'])) {
   $nombre = mysql_real_escape_string($_POST['nombre');
} else {
   $err[] = "Must be a number";
}
 
if(is_numeric($_POST['pw'])) {
    $pw = mysql_real_escape_string($_POST['pw');
} else {
    $err[] = "Password must be a number";
}
 
if(empty($err)) {
    $ins = mysql_query("INSERT INTO CodigoF (NOMBRE,PW) VALUES ($nombre, $pw)") or die(mysql_error());
    if($ins) {
         echo "datos insertados";
    } else {
         echo "problemas al insertar datos";
    }
} else {
   foreach($err as $code) {
       echo $code."<br>";
   }
}

His input doesn't need the quotes in the query, they're integers in the database table.

[cyberRobot]

Note that is_numeric() will consider the follow as numbers:

• 0x539
• 1337e0
• 9.1

To make sure the values only contain numbers, you can use ctype_digit().

http://www.php.net/manual/en/function.ctype-digit.php

 

 

Also, it's worth pointing out that richei added a call to mysql_error() to the following line:

$ins = mysql_query("INSERT INTO CodigoF (NOMBRE,PW) VALUES ($nombre, $pw)") or die(mysql_error());

 

This function should help determine if there's anything wrong with the query. More information about the function can be found here:

http://www.php.net/manual/en/function.mysql-error.php

[Codey]

Thank you very much for the help !