[SOLVED] Very VERY simple php variable trouble

[Snooble]

Hello everyone,

Just making my first login system using Mysql and Php. I have a php file in which variables are present.

I want to make it save $email and $pass to the database. the colums are Email and Password

does that make sense? Anyway heres the code i've got so far.
[code]<php
...
$sql='INSERT INTO `web_members` (`Email`, `Password`) VALUES (\''.$_POST['email'].'\', \''.$_POST['pass'].'\')';
?>[/code]

where am i going wrong?

Thanks

Snooble

[ted_chou12]

Try: `web_members` to web_members, i dont think you need anything around it.
Ted

[HuggieBear]

OK, firstly that code can be simplified to:

[code]<?php
$sql = "INSERT INTO web_members (Email, Password) VALUES ('" . $_POST['email'] . "', '" . $_POST['pass'] . "')";
?>[/code]

If that's not working then add some error checking to your mysql_query() line like this:

[code]<?php
$result = mysql_query($sql) or die ("Can't execute $sql: " . mysql_error());
?>[/code]

This will output the error from mysql if it fails to run the query for any reason.  You should also sanitise your user input to prevent SQL injection.

Regards
Huggie

[Snooble]

woh.. Wait a second. Sanitise? I know how to inject Mysql but i can't even get php to write the variables yet. Once i see my variables appearing in the database then i can worry about protecting it lol.

I'm sorry but i have almost no experience with mysql... where should i place the query? and should i take out my insert?

Snooble (God you must get frustrated with this!) :)

[HuggieBear]

OK, maybe you should show us the code you do have.

Huggie

[Snooble]

yes. Well i've ran the code through myadmin and it adds the info.

Heres the php:

[code]<?php
$host="***********"; // Host name
$username="*******"; // Mysql username
$password="*******"; // Mysql password
$db_name="************"; // Database name
$tbl_name="web_members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql = "INSERT INTO web_members (Email, Password) VALUES ('$email', '$pass')";
echo '<form action="index.php" method="post">
<input type="hidden" name="email" value="'.$_POST['email'].'">
<input type="hidden" name="fname" value="'.$_POST['fname'].'">
<input type="hidden" name="sname" value="'.$_POST['sname'].'">
<input type="hidden" name="pass" value="'.$_POST['pass'].'">
<input type="hidden" name="passtwo" value="'.$_POST['passtwo'].'">
<input type="hidden" name="llno" value="'.$_POST['llno'].'">
<input type="hidden" name="mobno" value="'.$_POST['mobno'].'">
<input type="hidden" name="addno" value="'.$_POST['addno'].'">
<input type="hidden" name="addone" value="'.$_POST['addone'].'">
<input type="hidden" name="addtwo" value="'.$_POST['addtwo'].'">
<input type="hidden" name="addthree" value="'.$_POST['addthree'].'">
<input type="hidden" name="city" value="'.$_POST['city'].'">
<input type="hidden" name="other" value="'.$_POST['other'].'">
<input type="hidden" name="country" value="'.$_POST['country'].'">
<input type="hidden" name="noc" value="'.$_POST['noc'].'">
<input type="hidden" name="ccno" value="'.$_POST['ccno'].'">
<input type="hidden" name="expdate" value="'.$_POST['expdate'].'">
<input type="hidden" name="cvv" value="'.$_POST['cvv'].'">
<input type="image" src="register.gif" name="submit" alt="Log In" value="Log In" />';
$pass = $_POST['pass'];
$email = $_POST['email'];
$passtwo = $_POST['passtwo'];
$fname = $_POST['fname'];
$sname = $_POST['sname'];
$llno = $_POST['llno'];
$mobno = $_POST['mobno'];
$addno = $_POST['addno'];
$addone = $_POST['addone'];
$addtwo = $_POST['addtwo'];
$addthree = $_POST['addthree'];
$city = $_POST['city'];
$postcode = $_POST['postcode'];
$other = $_POST['other'];
$title = $_POST['title'];
$country = $_POST['country'];
?>
[/code]

[ted_chou12]

so instead of login, i think this code is for signup, am i right?
Ted

[Snooble]

yes a registration.

[ted_chou12]

how come the values are hidden ???

[HuggieBear]

OK, this code is a little off the mark.  You need to imagine the way a page flows...

Step 1 - Present a form for the user to fill out
Step 2 - Form is filled out and submitted
Step 3 - Validation occurs and if failed returned to form, if ok, continue (Optional step)
Step 4 - Process the information and insert into the database
Step 5 - Confirm to the user that they've registered.

Would you agree that the above is what you're trying to achieve?

Regards
Huggie

[Snooble]

they are posted from a different page of the registration. Anyway, this isn't the point.

I need help with posting the variables into the database.

----------------

@Huggie.

Right huggie i have a 3 page registration form.

Page one
---------
A form:
email
first name
surname
password
etc.

posts to page two
-------------------------------------

Page two
----------
hidden fields
second part of the registration - more forms

posts variables to last page

-----------------------------------------

Last page
----------
Hidden fields
Assigns variables
Fwrites to file (All variables are present)
?WRITES TO DATABASE ON PAGE LOAD

echo "you have registered"

directs to login.php on submit

------------------------------------------

Is that what you're looking for?

Sorry if its unclear but the only trouble i have is with the database.

Thank you

Snooble

[HuggieBear]

That makes it much clearer... Try this code:

[code]<?php
$host="***********"; // Host name
$username="*******"; // Mysql username
$password="*******"; // Mysql password
$db_name="************"; // Database name
$tbl_name="web_members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password") or die ("cannot connect: " . mysql_error());
mysql_select_db("$db_name") or die("cannot select DB: " . mysql_error());
$sql = "INSERT INTO web_members (Email, Password) VALUES ('" . $_POST['email'] . "', '" . $_POST['pass'] . "')";
mysql_query($sql) or die ("Couldn't execute $sql: " . mysql_error());

echo '<form action="index.php" method="post">
<input type="hidden" name="email" value="'.$_POST['email'].'">
<input type="hidden" name="fname" value="'.$_POST['fname'].'">
<input type="hidden" name="sname" value="'.$_POST['sname'].'">
<input type="hidden" name="pass" value="'.$_POST['pass'].'">
<input type="hidden" name="passtwo" value="'.$_POST['passtwo'].'">
<input type="hidden" name="llno" value="'.$_POST['llno'].'">
<input type="hidden" name="mobno" value="'.$_POST['mobno'].'">
<input type="hidden" name="addno" value="'.$_POST['addno'].'">
<input type="hidden" name="addone" value="'.$_POST['addone'].'">
<input type="hidden" name="addtwo" value="'.$_POST['addtwo'].'">
<input type="hidden" name="addthree" value="'.$_POST['addthree'].'">
<input type="hidden" name="city" value="'.$_POST['city'].'">
<input type="hidden" name="other" value="'.$_POST['other'].'">
<input type="hidden" name="country" value="'.$_POST['country'].'">
<input type="hidden" name="noc" value="'.$_POST['noc'].'">
<input type="hidden" name="ccno" value="'.$_POST['ccno'].'">
<input type="hidden" name="expdate" value="'.$_POST['expdate'].'">
<input type="hidden" name="cvv" value="'.$_POST['cvv'].'">
<input type="image" src="register.gif" name="submit" alt="Log In" value="Log In" />';
$pass = $_POST['pass'];
$email = $_POST['email'];
$passtwo = $_POST['passtwo'];
$fname = $_POST['fname'];
$sname = $_POST['sname'];
$llno = $_POST['llno'];
$mobno = $_POST['mobno'];
$addno = $_POST['addno'];
$addone = $_POST['addone'];
$addtwo = $_POST['addtwo'];
$addthree = $_POST['addthree'];
$city = $_POST['city'];
$postcode = $_POST['postcode'];
$other = $_POST['other'];
$title = $_POST['title'];
$country = $_POST['country'];
?>
[/code]

Regards
Huggie

[Snooble]

I thank you very much. I see you helping everyone. You are a genius Huggy.

It's not sending the variable, i get a blank input to the table. But i will fix this. It's going to be trouble with the variable. Thanks!

Snooble

SOLVED :D

[HuggieBear]

My pleasure...

Huggie