PHP MySQL Insertion Problem

inulled

$dbHost = "localhost";
$dbUsr = "root";
$dbPass = "";

function register() {
$username = md5($_POST['username']);
$password = md5($_POST['password']);
$remote	  = md5($_SERVER['REMOTE_ADDR']);

$connect = mysql_connect("$dbHost", "$dbUsr", "$dbPass");
mysql_select_db("drupia1", $connect);

$query = sprintf('INSERT INTO usrs (username, password, ip) VALUES("$username", "$password", "$remote"',
mysql_real_escape_string($username),
mysql_real_escape_string($password));
}

Why does the code above insert 0's into the database?

bradgrafelman

Few things:

I'm surprise your function inserts anything at all, since $dbHost, $dbUsr, and $dbPass are all undefined variables in that function's scope.
Why are you hashing the username and IP address?

Check the manual for how [man]sprintf/man is used. Since you don't have any placeholders (e.g. '%s') in the format string (the first parameter), your 2nd and 3rd (and any others) parameters are simply ignored. In other words, this:

$query = sprintf('INSERT INTO usrs (username, password, ip) VALUES("$username", "$password", "$remote"', 
mysql_real_escape_string($username), 
mysql_real_escape_string($password));

might as well just be this:

$query = 'INSERT INTO usrs (username, password, ip) VALUES("$username", "$password", "$remote"';

Note that since you used single quotes around the string above, '$username' will be exactly that - a dollar sign followed by the string 'username'; it will not be the value of the variable called $username. However, I suspect this point will be moot once you fix the aforementioned problem.
In standard SQL, strings are delimited by single quotes - not double quotes (which can often be used to delimit identifiers, e.g. database/table/column/etc. names).
The code snippet you showed will never insert anything into the DB (even if all of the above errors were fixed) because you never execute any SQL queries.

inulled

i forgot to mention that I've coded several other scripts any they all seem to insert 0's into the db. I just used this script as an example since it was the one i was currently working on. My question is could it be MySQL acting up. I've troubleshooted a little bit and figured out that the values passed from the form are what is keyed in. just doesn't wanna pass correctly to the table.

bradgrafelman

inulled;10979485 wrote:
My question is could it be MySQL acting up.

No software is 100% perfect, naturally.

However, until you fix the 6 glaring errors I mentioned above, I'd be hard pressed to start pointing any fingers at MySQL.

EDIT: Scratch that, make it 7 errors; you're missing a closing ')' for the VALUES clause.