Issue resolved!
It turned out to be the use of quotations. Instead of double quotations to
surround the $insert variable, it worked with single quotations:
$insert = ' INSERT INTO user_info
(login,password)
VALUES
("'.$login.'", "'.$password.'") ' ;
With the real_escape_string, this version worked (double quotation on the
outside, single quotation on the inside):
( " '.mysql_real_escape_string($login).' ", "
'.mysql_real_escape_string($password).' ")';
I'm not sure why the use of quotations works differently in different cases?
Thanks for your insights! It really helped with diagnostics. Much
appreciated!
On Sun, Feb 20, 2011 at 3:59 PM, <admin@xxxxxxxxxxxxxxxxxxx> wrote:
> I see an errors in the syntax.
>
> $insert = "INSERT INTO user_info (login, password) VALUES
>
> ('".mysql_real_escape_string($login)."',"'.mysql_real_escape_string($passwor
> d)."')";
>
> Issues resolved.
> $insert = "INSERT INTO user_info (login, password) VALUES
>
> ('".mysql_real_escape_string($login)."','".mysql_real_escape_string($passwor
> d)."')";
>
> Here is the issue
>
> ," '.mysql_real_escape_string($password)." '
>
> Your escaping incorrectly.
>
> It should be
> ,' ".mysql_real_escape_string($password)." '
>
> The double quote is in the wrong place.
>
>
>
>
>
> -----Original Message-----
> From: Nazish [mailto:nazish@xxxxxxxxx]
> Sent: Sunday, February 20, 2011 3:54 PM
> To: php-general@xxxxxxxxxxxxx
> Subject: Re: Submitting data to MySQL database using HTML/PHP form
>
> Update:
>
> I added "echo" statements after mysql_connect and mysql_select_db to check
> where the code was broken. These statements show up on the login.php page
> after submitting the form, which means the MySQL connection works. So, the
> problem seems to lie with the *$insert *query... ideas?
>
>
> On Sun, Feb 20, 2011 at 3:04 PM, Nazish <nazish@xxxxxxxxx> wrote:
>
> > Thanks everyone! However, when I click the "submit" button, the url
> simply
> > moves to http://localhost/login.php (from home.php) and it is a blank
> page
> > (apart from asking whether it should remember the password for future
> use).
> > The values still do not move to the database.
> >
> > I included most of your suggestions
> >
> > a) added mysql _error()
> > b) different names for the variables
> > c) removed double quotes
> > d) changed ?> (silly error!)
> > e) modified the $insert query
> >
> > The code now looks like this:
> >
> >
> > <?php
> >
> > // Connect to server and select database.
> > $host = "localhost";
> > $user = "root";
> > $mysql_pass = "abc";
> > $db = "directory";
> >
> > mysql_connect($host, $user, $mysql_pass) or die(mysql_error());
> >
> > mysql_select_db($db) or die(mysql_error());
> >
> > // username and password sent to mysql database
> >
> >
> > $login = $_POST['login'];
> > $password = $_POST['password'];
> >
> > $insert = "INSERT INTO user_info
> > (login, password)
> > VALUES
> >
> >
>
> ('".mysql_real_escape_string($login)."',"'.mysql_real_escape_string($passwor
> d)."')";
> >
> >
> > mysql_query($insert)
> > or die ("Unable to add user to the database:".mysql_error());
> >
> > ?>
> >
> >
> > I could insert the values using the command line, and it was updated in
> > MySQL, but it doesn't work through the form... it just goes to a blank
> page
> > on login.php. I'd appreciate any insights on why that's happening.
> >
> >
>
>
