insert data into the database?

blueskipping

ok so far i have....
1.connected to phpmyadmin
2.used mysql_query to input data to test and a script (i think)
3.wrote the html page with a action to my php file

so here my html file

<form action="new6.php" method="post">
id: <input type="text" name="id" />
username: <input type="text" name="username" />
password: <input type="text" name="password" />
<input type="submit" />
</form>

</body>
</html>

heres my php file that should be sending the info to the database
<?php

session_start();
$server = 'localhost';
$db_username = 'root';
$db_password = '';
$database = 'mike';

if (!mysql_connect ($server, $db_username, $db_password)){
die('could not connect');
}
echo "connected!";
if(!mysql_select_db($database)){
die('could not connect to database');

}

$sql="INSERT INTO test (id, username, password)
VALUES
('$POST[id]','$POST[username]','$_POST[password]')";

echo "1 record added";

ok well my problem is that when i have the html page and hit the submit query button it doesnt add any information to my table and is blank white and also doesnt echo "1 recorded added"?

JVassie

Firstly, please make sure you use the HTML and PHP tags when posting code, makes it a lot easier for people to read, and thus help you with!

Secondly, your HTML form, you have your password field set to text, not sure if this just for debugging, but it should really be 'password', which will change everything you type to '*' or similar.

Does your 'blank' page contain the text 'connected!'?

You need to use a mysql_query() call to actually insert the data into your database. Assigning the query to a variable ($sql) alone won't add the data!

Personally, this is how I connect to MySQL, makes it a little easier to read I think:

<?php
$conn = mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db('database', $conn) or die(mysql_error());
?>

The advantage of doing it that way (assigning the connection a variable) is you can then put that code into a seperate page (maybe call it db.php), and then include the page in each page which needs to connect to your database. Eg:

<?php
include("db.php");
?>

Your MySQL query could then look something like this:

<?php
global $conn; // This references the MySQL connection in db.php
$sql = "INSERT INTO test (id, username, password) VALUES ($_POST['id'],$_POST['username'],$_POST['password'])";
mysql_query($sql,$conn); // This actually performs the query on your database
?>

Some additional pointers, you should always try and avoid directly placing user input into your MySQL table, because it makes it very easy for someone to insert malicious code in, and wreak havoc.

Another security point, passwords are normally encrypted, even with a simple call to md5, for example:

<?php
$password = md5($_POST['password']);
?>

Hope this helps
James