For the record, you accepted the wrong answer, syntax-wise.
Table and column names are not to be wrapped in quotes, but either use no quotes or use backticks.
$insert=("INSERT INTO register (Username, Password, FirstName, LastName, email)
VALUES ('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");
or:
$insert=("INSERT INTO `register` (Username, Password, FirstName, LastName, email) VALUES
('".$username."', '".$password "', '".$fname."', '".$lname."' ,'".$mail."')");
I also recommend you sanitize your inputs:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$mail = mysql_real_escape_string($_POST['mail']);
mysql_*
functions are deprecated and will be removed from future PHP releases.
Use mysqli_*
functions. (which I recommend you use and with prepared statements, or PDO)
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
I also noticed that you are storing passwords in plain text. This is not recommended.
Use one of the following:
crypt()
bcrypt()
scrypt()
- PBKDF2
- PHP 5.5's
password_hash()
function.