Hi,

I've been racking my brain for the last few days to figure out what is wrong with my PHP coding. I've managed to get the default value from my combo box into my database, but when I change the option it is breaking on me.

I have reduced my html to just to combo box for you, please can you help me?

Here is my HTML:

<html>

<body>

<form action="Signup.php" method="post">
Username: <input type="text" name="Username" /> <br/>
Password: <input type="text" name="Password" /> <br/>

Secret Question: <select name="Secret_Question">
<option value="What is your mother's maiden name?">What is your mother's maiden name?</option>
<option value="What is your place of birth?">What is your place of birth?</option>
<option value="What is your favourite food?"selected="selected">What is your favourite food?</option>
<option value="What is your favourite pet's name?">What is your favourite pet's name?</option>
</select> <br/

<input type="submit" value="Submit" />
</form>

</body>

</html>

I have not bothered with any validation yet, I just want to learn this basic lesson first.

Here is my PHP:

//DECLARING VARIABLES
$host = "I have my IP address in here"; // Host
$dbuser="web41-admin-2"; // Mysql username 
$dbpassword="I have my password here"; // Mysql password 
$db_name="web41-admin-2"; // Database name 
$tbl_name="Users"; // Table name

$Username = $_POST['Username'];
$Password = $_POST['Password'];
$Secret_Question = $_POST['Secret_Question'];
$Secret_Answer = $_POST['Secret_Answer'];
$first_name = $_POST['first_name'];
$surname = $_POST['surname'];
$email = $_POST['email'];



//ESTABLISHING CONNECTION
$con = mysql_connect("$host","$dbuser","$dbpassword");
if (!$con) //IF CONNECTION FAILS
	die('Connection failed: ' . mysql_error()); //OUTPUTS ERROR MESSAGE
Else
	Echo "It worked"; //INFORMS OF SUCCESS

mysql_select_db($db_name, $con); // ALL FUNCTIONAL TO THIS POINT

$query = "INSERT into Users values 
	('".$Username."','".$Password."','".$Secret_Question."','".$Secret_Answer."','".$first_name."','".$surname."','".$email."')";
$result = mysql_query($query);
if ($result)
	echo mysql_affected_rows(). "user added";
?>

Also any feedback about my coding style will be greatly appreciated as I am a complete beginner.

    you should use some kind of a troubleshooting technique,

    -try to exho your SQL inser code,
    echo $query;

    -second one is to use the mysql_error()

    $query = "INSERT into Users values
    ('".$Username."','".$Password."','".$Secret_Question."','".$Secret_Answer."','".$first_name."','".$surname."','".$email."')";
    echo $query; // test in phpmyadmin
    $result = mysql_query($query) or die( mysql_error() );

    you should use mysql_real_escape_string() on your user inputs.

      Welcome to PHPBuilder! When posting PHP or HTML code, please use the board's [noparse]

      ..

      [/noparse] or [noparse]

      ..

      [/noparse] bbcode tags (respectively) as they make your code much easier to read and analyze.

      As for your issue, I suspect that djjjozsi's last suggestion will be very beneficial. To elaborate: user-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize this data with a function such as [man]mysql_real_escape_string/man (for string data) or use prepared statements.

        Problem solved, thank you to everyone that assisted.

          Write a Reply...