I've created a form that when filled out inserts a new user and password into a table. The problem I'm having is instead of the new username and password getting inserted I'm just getting the variables 'newusername' and 'newpassword' going into the tables. The insertion is working, just not getting the actual username and password inserted. The form I have calls this php code as the action.....could someone have a look at the code below and see where I'm going wrong? Thanks!
<?php
$host="....com";// Host name
$username="...name";// Mysql username
$password="...pass";// Mysql password
$db_name="...db";// Database name
$tbl_name="...user";// Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $newusername and $newpassword
$newusername=$POST['newusername'];
$newpassword=$POST['newpassword'];
$SESSION['newusername'] = $newusername;
$SESSION['newpassword'] = $newpassword;
// To protect MySQL injection
$newusername=stripslashes($newusername);
$newpassword=stripslashes($newpassword);
$newusername=mysql_real_escape_string($newusername);
$newpassword=mysql_real_escape_string($newpassword);
//write the required data to database
//mysql_select_db($db_name);
$sql = "INSERT INTO users (username, password) VALUES ('newusername', 'newpassword')";
$result = mysql_query($sql) or trigger_error(mysql_error(),E_USER_ERROR);
?>
