can't input data to mysql with php

Question

Hi everybody i have a problem with data input from html form throu php to mysql the connection has been done i test it and its working but i cant figure out why data isn't imputed ive double checked the database and its as should be

registration form

<form action="register.php" method="post">
<table>
    <tr>
        <td>UserName</td>
        <td><input type="text" name="username"></td>
    <tr>
        <td>Password</td>
        <td>
            <input type="password" name="password">
        </td>
    <tr>
        <td>
            First Name
        </td>
        <td>
            <input type="text" name="fname">
        </td>
    </tr>
    <tr>
        <td>
            Last Name
        </td>
        <td>
            <input type="text" value="" name="lname">
        </td>
    </tr>
    <tr>
        <td>
            E-Mail
        </td>
        <td>
            <input type="email" name="mail">
        </td>
    <tr>
        <td>
            <input type="submit" value="Done!!!">
        </td>
    </tr>
</table>

database conntection

<?php
    $db_adress="localhost";
    $db_username="root";
    $db_password="******";
    $db_name="accounts";
    @mysql_connect("$db_adress","$db_username","$db_password") or die ("Could not connect the DATABASE for more infos go kill yourself");
    @mysql_select_db("$db_name") or die ("No Database");
?>

data input code

    $username = $_POST['username'];
    $password = $_POST['password'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $mail = $_POST['mail'];

    $insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES (""'.$username.'", "'.$password '", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")");
    mysql_query($insert);
    echo "Done";

I am glad for any help!

Answer 1

For the record, you accepted the wrong answer, syntax-wise.

Table and column names are not to be wrapped in quotes, but either use no quotes or use backticks.

$insert=("INSERT INTO register (Username, Password, FirstName, LastName, email)  
VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");

or:

$insert=("INSERT INTO `register` (Username, Password, FirstName, LastName, email) VALUES 
('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");

---

I also recommend you sanitize your inputs:

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$mail = mysql_real_escape_string($_POST['mail']);

mysql_* functions are deprecated and will be removed from future PHP releases.

Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

• http://www.php.net/manual/en/intro.mysql.php

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

---

I also noticed that you are storing passwords in plain text. This is not recommended.

Use one of the following:

• crypt()
• bcrypt()
• scrypt()
• PBKDF2
• PHP 5.5's password_hash() function.

Answer 2

Try this:

I think your syntax of query is wrong. Try given below.

$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");

Answer 3

The problem is the way you are concating. try this-

$insert=('INSERT INTO register(Username, Password, FirstName, LastName, email) VALUES ("'.$username.'", "'.$password '", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")');

Answer 4

It's because of Single quotes and double quotes.

Try below code.

$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");

Answer 5

Your insert query is not properly enclosed in quotes. Try this

$insert= "INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')";