```php
<?php
$connect = @mysql_connect('localhost','root','') or die('ERROR Conection!');
@mysql_select_db('pepsoman',$connect) or die ('DataBase ERROR');
$success = "";
if(isset($_POST['reg'])){
    $name = $_POST['name'];
    $surname = $_POST['surname'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $con_password = $_POST['con_password'];
    $age = $_POST['age'];
    $gender = $_POST['gender'];
    $insert = mysql_query("insert into users (name,surname,username,password,age,gender) values('$name','$surname','$username','$password','$age','$gender')");
    if($con_password != $password){
        $success = ' <div class="panel panel-danger"> <div class="panel-heading">ERROR ConfirmPassword</div> </div> ';
    }
    else{
        $success = ' <div class="panel panel-success "> <div class="panel-heading">Registration</div> </div> ';
    }
}
?>
```
- you should not use the mysql interface, it is outdated - MaximPro
- If you solved your problem with the answers below, check the one that helped you - MaximPro
2 answers
`$insert = mysql_query("insert into users (name,surname,username,password,age,gender) values('$name','$surname','$username','$password','$age','$gender')");`
- Check if `$_POST` data is coming.
- In general, it would not be bad to check, before writing to `mysql`, whether they came through at all: `isset($_POST['name']) && isset($_POST['surname'])`, etc.

In this particular case, the sql query should look like this:

`$insert = mysql_query("insert into users (name,surname,username,password,age,gender) values('{$name}','{$surname}','{$username}','{$password}','{$age}','{$gender}')");`

or

`$insert = mysql_query("insert into users (name,surname,username,password,age,gender) values('".$name."','".$surname."'` etc.

Also, if you plan to share this site, I advise you to read articles about the basic protection against sql-injections, salt and password storage methodology.
- it's obvious that he quotes variables and turns them into strings - MaximPro
- Yes you are right. My mistake. - Ilia Nedelkov
- By the way, the second option is more readable in my opinion, and yes, once it’s gone, it’s better to write your query builder with placeholders like the function `sprintf` - MaximPro
It's already 2016, it's time to learn mysqli or pdo. And so, I will change your code a bit:
```php
// If the connection fails $link is false, so the error comes from mysqli_connect_error()
$link = mysqli_connect("host", "user", "password", "pepsoman") or die(mysqli_connect_error());

if(isset($_POST['reg'])){
    $name = $_POST['name'];
    $surname = $_POST['surname'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $con_password = $_POST['con_password'];
    $age = $_POST['age'];
    $gender = $_POST['gender'];
    // The values are still interpolated exactly as received (see the note on cleaning below)
    $result = mysqli_query($link, "INSERT INTO users (name, surname, username, password, age, gender) VALUES ('$name','$surname','$username','$password','$age','$gender')");
    // mysqli_affected_rows() takes the connection, not the query result
    if(mysqli_affected_rows($link)>0){
        echo 'Добавлено';
    }
}
```
- The data that you receive by the POST method must be cleaned: `strip_tags`, `mysqli_real_escape_string` and so on, that is the minimum.
- The @ sign in front of the function disables error output, this is not good.
- Procedural style ... mmm, it's easier then just to use mysql and not to steam =) - MaximPro
- I added @ because I have an error; there is a new base to install a new base or something like that. I work with WAMPSERVER 3.0.6 - Harut Kostanyan
- @HarutKostanyan and what error is displayed to you? - MaximPro
- @HarutKostanyan I don't know what your logic is, but if there is an error, it should be corrected, not hidden. No matter what your server is, the error was probably due to an incorrect connection to the database. In any case, spend 30-40 minutes to deal with `mysqli` at least. Plus, you still need to clear the data upon receipt. With desire, Google will make you very happy. - Rosnowsky
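
The points raised in this thread (check the POST fields, compare the passwords before inserting, use placeholders, store a password hash), combined in one added example that is not code from the question or from either answer. It uses PDO, which the second answer names as an alternative to mysqli; the in-memory SQLite database, the table schema and the function name `register` are assumptions made so the script runs without a MySQL server.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs without
// a server; for MySQL change only the DSN, e.g. 'mysql:host=localhost;dbname=pepsoman'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface errors, no @
// Assumed schema, built from the column names in the question's INSERT.
$pdo->exec('CREATE TABLE users (name TEXT, surname TEXT, username TEXT,
            password TEXT, age INTEGER, gender TEXT)');

function register(PDO $pdo, array $post): string
{
    $fields = ['name', 'surname', 'username', 'password', 'con_password', 'age', 'gender'];
    foreach ($fields as $f) {
        // The isset() check from the first answer, plus type and emptiness checks.
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            return "missing field: $f";
        }
    }
    // Compare the passwords before anything is written to the database.
    if ($post['password'] !== $post['con_password']) {
        return 'passwords do not match';
    }
    if (!ctype_digit($post['age'])) {
        return 'age must be a whole number';
    }
    // Placeholders: user input is sent as data and never becomes part of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (name, surname, username, password, age, gender)
                           VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->execute([
        $post['name'], $post['surname'], $post['username'],
        password_hash($post['password'], PASSWORD_DEFAULT), // salted hash, not the password
        (int) $post['age'], $post['gender'],
    ]);
    return 'registered';
}

// Constructed sample input; the quote in the surname would break the concatenated query.
$ok = ['name' => 'Sean', 'surname' => "O'Brien", 'username' => 'sean', 'password' => 's3cret!',
       'con_password' => 's3cret!', 'age' => '30', 'gender' => 'm'];
$bad = ['con_password' => 'typo'] + $ok;   // same form with a mismatched confirmation

echo register($pdo, $bad), "\n";
echo register($pdo, $ok), "\n";
$row = $pdo->query('SELECT surname, password FROM users')->fetch(PDO::FETCH_ASSOC);
echo $row['surname'], ' / hash verifies: ',
     var_export(password_verify('s3cret!', $row['password']), true), "\n";
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

At login time the stored value is checked with `password_verify()` and never compared as plain text.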