I cannot find the bug here; I think this whole script is fagged up, and I still cannot see any signs of success.
The problem is that when the form is submitted, the specified details (i.e. username, password and an e-mail address) are not inserted into the MySQL database, and I am unable to verify this through PHP: "How to check if details are present in database?".

    <?php
    ob_start();
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="cosmos"; // Database name 
    $tbl_name="members"; // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");




    // Define $myusername and $mypassword and $mail
    $user=$_POST['myusername'];
    $pass=$_POST['mypassword'];
    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $user = mysql_real_escape_string($user);
    $pass = mysql_real_escape_string($pass);
    $pass = md5($pass);
    $mail=$_POST['email'];

    $sql = "INSERT INTO `cosmos`.`members` (`id`, `username`, `password`, `email id`) VALUES (NULL, \'$user\', \'$pass\', \'$mail\'), (NULL, \'\', \'\', \'\');";
    $result=mysql_query($sql);
    echo "Pass!"; // don't know how to verify :)
    ob_end_flush();
    ?>

Can you please correct this or give a new one? Thanks in advance!

A: 

To work out whether something has entered or not use mysql_insert_id().

Shaun Hare
+1  A: 

You shouldn't escape the single quotes:

    $sql = "INSERT INTO `cosmos`.`members` (`username`, `password`, `email id`) VALUES ('$user', '$pass', '$mail');";

Also don't forget to do this:

    $mail = mysql_real_escape_string($_POST['email']);

captaintokyo
Hey, thanks, it really worked like a charm. Thank you very much.
tunetosuraj
Good, please accept my answer and vote it up ;-)
captaintokyo
lol ... because the reason to be here is to get points, not to help each other :D ...
Joe Hopfgartner
No, the reason to be here is to help each other, but the points stuff is part of the site, so why not...
captaintokyo
A: 

Don't escape the data quotes and remove the ";" at the end:

    $sql = "INSERT INTO `cosmos`.`members` (`id`, `username`, `password`, `email id`) VALUES (NULL, '$user', '$pass', '$mail')";

To test if the query worked add:

    if (mysql_error()) {
        die('There was a problem inserting the data into the database');
    }

Scott
A: 

Is **email id** really your database field?

Please do:

    $mail = mysql_real_escape_string($mail);

To check whether the insert was successful, use mysql_insert_id() if you are using an auto increment key and your constraints are set up correctly.

I recommend checking in advance by doing a select statement, and allowing only certain characters in user names.

You can remove this part, it may only fuck up your login system. You are escaping the strings anyway with mysql_real_escape_string:

    $user = stripslashes($user);
    $pass = stripslashes($pass);

Joe Hopfgartner
Yes, email id is a database field. How do I use mysql_insert_id()? (I am new to PHP.) What's the difference if I don't remove $user = stripslashes($user); $pass = stripslashes($pass);?
tunetosuraj
$id = mysql_insert_id() ... gives you the id that the last dataset has been inserted with. stripslashes removes escaping backslashes. I see no reason why you want to do that. It may give you a different md5 checksum than on the login page and things might not work.
Joe Hopfgartner
A: 

To verify the insertion, do:

    $result = mysql_query($sql) or die("INSERT failed: " . mysql_error());

If it worked, the script won't kill itself. If you need to do other checking, such as possibly making sure there wasn't a constraint violation (duplicate username?), then do

    $result = mysql_query($sql);
    // mysql_errno() returns the numeric error code; mysql_error() returns the message text
    if (mysql_errno() === 1022) {
        $errmsg = 'Sorry, username already exists'; // or whatever you want the message to be
    }

Full error code listing is documented here.

Marc B
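
The points raised across the answers (escape every field including the e-mail, verify the insert, detect a duplicate username), as an added example that is not part of any answer or the asker's script: it swaps the mysql_* calls for PDO prepared statements and md5() for password_hash(), and runs against an in-memory SQLite table so it is self-contained. The helper name register_member, the UNIQUE constraint on username and the sample form values are assumptions.

```php
<?php
// Added example: in-memory SQLite keeps it runnable offline. For MySQL only
// the DSN changes, e.g. 'mysql:host=localhost;dbname=cosmos;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,   -- assumed constraint
    password TEXT NOT NULL,
    `email id` TEXT NOT NULL)');

// Hypothetical helper: returns the new row id (int) or an error message (string).
function register_member(PDO $pdo, array $post)
{
    $user = trim($post['myusername'] ?? '');
    $pass = $post['mypassword'] ?? '';
    $mail = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($user === '' || $pass === '' || $mail === false) {
        return 'invalid input';
    }
    // Placeholders keep the values out of the SQL text, so no manual
    // escaping (and no stripslashes) is needed for any of the three fields.
    $stmt = $pdo->prepare(
        'INSERT INTO members (username, password, `email id`) VALUES (?, ?, ?)');
    try {
        // password_hash() yields a salted hash, unlike a bare md5().
        $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $mail]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation (duplicate username).
        if ((string) $e->getCode() === '23000') {
            return 'username already exists';
        }
        throw $e;
    }
    return (int) $pdo->lastInsertId();   // verification: id of the inserted row
}

// Constructed sample input standing in for $_POST; note the quote in the name.
$form = ['myusername' => "o'brien", 'mypassword' => 's3cret', 'email' => 'ob@example.com'];
var_dump(register_member($pdo, $form));   // first call inserts the row
var_dump(register_member($pdo, $form));   // second call hits the UNIQUE constraint
$row = $pdo->query('SELECT username, password FROM members')->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'], password_verify('s3cret', $row['password']));
```

On the login page the stored hash is checked with password_verify() rather than by recomputing and comparing a hash string.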