0

`I am trying to enter data to database from a registration form but it seems not working and I think I did the right coding I'm not sure where I did wrong I read code by code and all the database I created did follow . 

<form method='post' action='login.php'>
<table width='400' border='5' align='CENTER'>

<tr>
<td><h1>Registration</h1></td>

</tr>

<tr>
<td>User Name:</td>
<td><input type='text' name='name'/></td>
</tr>

<tr>
<td>Password:</td>
<td><input type='password' name='pass'/></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td><input type='submit' name='register' value='register'/></td>

</tr>

</table>
</form>


<?php
    $connect=mysql_connect("localhost","root","");
    $db_selected = mysql_select_db("users_db", $connect); 
    if(isset($_POST['submit'])){

    $users_name = $_POST['name'];
    $users_pass = $_POST['pass'];
    $users_email = $_POST['email'];

    if($users_name==''){
    echo "<script>alert('Please enter your Username')</script>";
        exit();
    }

    if($users_pass==''){
    echo "<script>alert('Please enter your password')</script>";
        exit();
    }

    if($users_email==''){
    echo "<script>alert('Please enter your email')</script>";
        exit();
    }

    $check_email="select*from 
    users where 
    users_email='$users_email'";

    $run = 
    mysql_query($check_email) or
    die(mysql_error());


    if(mysql_num_rows($run)>0){

    echo"<script>alert('Email $users_email 
    is already exist in our databse, please try another 
    one')</script>";  exit();
    }


    $query = "insert into users 
    (users_name,users_pass,users_email) values('
    $users_name','$users_pass','$users_email')";


    { 
        $result = mysql_query($query) 
        or die(mysql_error());
    }

    echo"<script>alert
    window.open('','_self')</script>";
    }

?>
SaidbakR
  • 11,955
  • 16
  • 89
  • 173
dean012
  • 13
  • 1
  • 5
  • 9
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Oct 17 '13 at 21:38
  • Have you tried `echo`ing `$query` and running the final query in phpMyAdmin or whatever other database tools you have to make sure it is correct? – Ken Herbert Oct 17 '13 at 21:47
  • I don't see any `INSERT` statements. So no data will ever go into your DB – Machavity Oct 17 '13 at 21:48
  • @Machavity look for `$query` in the code. – Ken Herbert Oct 17 '13 at 21:49
  • Do you really have a newline before `$users_name` in the query? – Barmar Oct 17 '13 at 21:51
  • In the $check_email query you should add spaces around the *. – Lajos Veres Oct 17 '13 at 21:53
  • yup i added space but still not working @LajosVeres – dean012 Oct 17 '13 at 22:09
  • You have to tell us about the HTML form you use to submit the data. Where it is in relation to the PHP page and what's its action attribute and method attribute. – SaidbakR Oct 17 '13 at 22:09
  • How did this get a +1? – Loko Jan 13 '14 at 13:08

1 Answers1

1

Change the initial assignments to:

$users_name = mysql_real_escape_string($_POST['name']);
$users_pass = mysql_real_escape_string($_POST['pass']);
$users_email = mysql_real_escape_string($_POST['email']);

to avoid problems with special characters in the fields, as well as to protect against SQL injection.

Change the insert query to:

$query = "insert into users (users_name,users_pass,users_email)
          values('$users_name','$users_pass','$users_email')";

You had an extraneous newline and spaces before $users_name, so these were being inserted into the database.

Barmar
  • 596,455
  • 48
  • 393
  • 495