[RESOLVED] Form not inserting into database?

Wales

I've been looking at this for several hours and can't figure out why this doesn't work.. Everything seems to be working fine. No errors, just not adding to my database.

html

<form action="register.php" method="post">
<br />
Username <input type="text" name="user" size="20" maxlength="15" />
<br />
<br />
Password <input type="password" name="password" size="20" maxlength="10" />
<br />
Email <input type="text" name="email" size="40" maxlength="40" />
<br />
<input type="submit" name="register" value="Register" />
</form>

php

<?php
include('db/connect.php');

$user = $_POST['user'];
$password = $_POST['password'];
$email = $_POST['email'];

mysql_select_db($db_name) or die(mysql_error());
$regdata = "INSERT INTO users (user, password, email) VALUES ('$_POST[user]', '$_POST[password]', '$_POST[email]')"; 
}

if (mysql_query ($regdata)) {
echo ('Thanks for registering.');
} else {
echo ('An error has occured.');
}


?>

bradgrafelman

When posting PHP code, please use the board's [PHP][/PHP] bbcode tags (not just the generic CODE tags) - they make the code much, much easier to read (as well as aiding the diagnosis of syntax errors). You should edit your post now and add these bbcode tags to help others in reading/analyzing your code.

It appears as though you're vulnerable to SQL injection attacks. User-supplied data should never be placed directly into a SQL query! Instead, sanitize it with a function such as [man]mysql_real_escape_string/man.

As to your problem, I don't see where $db_name is ever defined (we can only assume what 'connect.php' does). At any rate, have you tried debugging the SQL query with the error message provided by the SQL server? If the query fails, I find it helpful to output both the query itself (so that you can visually inspect it) as well as the error message returned by MySQL (via [man]mysql_error/man).

Wales

Thanks for replying. I somehow redid it and it worked. I must of left something out the first time.