php and sql 'INSERT INTO' not populating sql database

Question

Thanks ahead of time. I have checked the forum. The php program allows a user to login and enter info into a mySQL database table Names. It checks that all fields are filled in, that passwords match, that the user does not already exist. This is one of several programs that work together

All of the code works except for one aspect. It will not INSERT INTO the database table Names.

I ran into an analogous problem a couple of months ago.

QUESTION. Could the problem be that I have not set PERMISSIONS to allow a write to this table or database ?

QUESTION. Where are this files located to do this ? Macbookpro. OSX10.8.3.
PHP Version 5.3.15

Troubleshooting 1. I am connected to mysql database.
2. I am able to manually insert data into the fields. 3. All of the code below works; appropriate echoing dependent upon which fields are filled in or not. 4. The code does NOT give back any error messages.
5. Where in my code should I include ?? die(mysql_error()); 6. Why won't the data INSERT INTO ?

register.php
<?php
require 'core.include.php';  // it has the loggedin() function
require 'connect.include.php';
//require 'register.success.php';

if (!loggedin())  {
   // check if each form field is filled and correctly submitted

if(isset($_POST['username'])  &&
isset($_POST['password']) &&
isset($_POST['password_again'])  &&
isset($_POST['firstname']) &&    
isset($_POST['surname']))  {

    $username = $_POST['username'];
    $password = $_POST['password'];
    $password_again = $_POST['password_again'];
    $password_hash = md5($password);
    $firstname = $_POST['firstname'];
    $surname = $_POST['surname'];

// check if ALL fields are filled in
    if
        (!empty($username)&&
        !empty($password)&&
        !empty($password_again)&&
        !empty($firstname)&&
        !empty($surname))   {

        if(strlen($username)>30||strlen($firstname)>45||strlen($surname)>45) {
            echo 'please adhere to maxlengths of fields';
        }else{
            if($password!=$password_again) {
                echo 'Passwords do not match.';
                }else{

                    // start the registration process
                    // check if the user already exists in the database

                    $query = "SELECT `username` FROM `Names` WHERE `username` = '$username'";

                    //if the above $query returns a row than the user already exists

                    $query_run = mysql_query($query);

// I am unclear about what the above standard function actually accomplishes

                    if (mysql_num_rows($query_run)==1) {
                        echo "The username '.$username.' already exists";
                    }else{

                        //start the registration process
$query = "INSERT INTO `Names` VALUES 
        (' ',
        '".mysql_real_escape_string($username)."',
        '".mysql_real_escape_string($password_hash)."',
        '".mysql_real_escape_string($firstname)."',
        '".mysql_real_escape_string($surname)."')";  

        if ($query_run = mysql_query($query)) {

    // if this query is successful:  mysql_query($query))  
    // we locate the user to a page so they do not keep over registering 
    // echo 'registered';

        header('Location:register_success.php');
        } else {
      echo 'Sorry, we could not register you at this time.';

// this is the problem.  
// this message always returns when I attempt to register a new user.
     }
   }
  }
 }
                   ////  echo 'Okay.';  // testing
                   ////  echo "The username '.$username.' already exists";  // testing
                  // note.  below inline php code will use the variables 
                  //so that if the user types in 4 of 5 fields they will 
                  //not have to retype in all of the fields again.

        } else{       
          echo 'All fields are required.';
     }
   }
?>

Register Form:
<br><br>
<form action = "registration.php"  method ="POST">
    Username:<br> <input type ="text" name ="username" maxlength="32" value = "<?php 
if (isset($username)) {echo $username;} ?>"><br><br>
    Password:<br> <input type ="password" name ="password" > <br><br>
    Password Again: <br> <input type ="password" name ="password_again" > <br><br>
    Firstname:<br> <input type ="text" name ="firstname" maxlength="45"value="<?php     
if (isset($firstname)) {echo $firstname;} ?>"><br><br>
    Surname:<br> <input type ="text" name ="surname" maxlength="45" value = "<?php 
if (isset($surname)) {echo $surname;} ?>"><br><br>
    <input type ="submit" value ="register"><br><br>
</form>

<?php  
    //echo 'register';
    }else if (loggedin ()) {
    echo 'you are already registered and logged in.';
    }    
?>

Answer 1

For debugging this issue, in your code, after the mysql_query call returns FALSE, use the mysql_error() function to retrieve the MySQL error message.

For example:

        } else {
      echo 'Sorry, we could not register you at this time.';

// this is the problem.  
// this message always returns when I attempt to register a new user.

      // for debugging: echo mysql_error(); or 
      die('error: '. mysql_error());

The error message should indicate whether it's a syntax problem, whether the number of values you are inserting match the number of columns in the (implicit) column list, whether the rows violates a constraint, whether the user has insufficient privileges issue, etc.

---

With an INSERT statement, it's best practice to explicitly list the columns that are receiving the values, e.g.

INSERT INTO foo (fee, fi, fo, fum) VALUES ('e','i','o','u');

Then your statement won't be later "broken" if a new column is added, or if the order of the columns is changed.

---

If it's a permissions/privileges problem, then you'd need to GRANT appropriate privileges to the mysql user you're connecting as. For example:

GRANT INSERT ON mydatabase.`Names` TO myser@myhost;

The privileges are stored in the mysql database, in the user, db and tables_privs tables. Privileges can be granted globally, on all databases (... ON *.*), at the database level (... ON mydatabase.*) or at the individual table level (... ON mydatabase.mytable)