1

I am only new to programming and I don't know what the problem in my code is. The data that I enter in the tblins is recorded, but my data in tbluser won't go into my database. But when I try to remove the insert query for my tblins, the data that I want to enter in tbluser can be recorded in my database. What should I do so that my two tables can record all the data that I'm entering after clicking submit on my page? Thanks.

$usr="INSERT INTO tbluser(username,password,type) VALUES('".$_POST['txtuname']."','".$_POST['txtpass']."','".$_POST['type']."')";
$ins="INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate) VALUES('".$_POST['txtLN']."','".$_POST['txtFN']."','".$_POST['txtMN']."','".$_POST['txtadd']."','".$_POST['txtCN']."','".$_POST['txtemail']."','".$bdate."')";

Thanks for all the advice, sir. :D I am currently reading on what SQL injection is. Hope to learn more. :D

here's my full code.

<?php
include("connect.php");
if(isset($_POST['txtpass']) && isset($_POST['txtrepass'])){

                    $password1=mysql_real_escape_string($_POST['txtpass']);
                    $password2=mysql_real_escape_string($_POST['txtrepass']);

                    if($password1==$password2){



                                $typeopt=$_POST['type'];

                                $bdate=$_POST['year']."-".$_POST['month']."-".$_POST['day'];

                                switch($typeopt){
                                       case 'ins':


                                        $usr=mysql_query("INSERT INTO tbluser(username,password,type) VALUES('".$_POST['txtuname']."','".$_POST['txtpass']."','".$_POST['type']."')");

                                        $ins=mysql_query("INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate) VALUES('".$_POST['txtLN']."','".$_POST['txtFN']."','".$_POST['txtMN']."','".$_POST['txtadd']."','".$_POST['txtCN']."','".$_POST['txtemail']."','".$bdate."')");


                                        if(mysqli_query($con,$ins)) {
                                            echo"success";
                                        }
                                        else{
                                            echo"fail to register";
                                        }

                                        break;

                                        case 'student':
                                        $std="INSERT INTO tblstudent(studLN,studFN,studMN,studBDate,studemail,studadd,studCN)";
                                        $usr="INSERT INTO tbluser(username,password,type)";
                                        $usr=$usr."VALUES('".$_POST['txtuname']."',";
                                        $usr=$usr."'".$_POST['txtpass']."',";
                                        $usr=$usr."'".$_POST['type']."')";

                                        $std=$std."VALUES('".$_POST['txtLN']."',";
                                        $std=$std."'".$_POST['txtFN']."',";
                                        $std=$std."'".$_POST['txtMN']."',";
                                        $std=$std."'".$bdate."',";
                                        $std=$std."'".$_POST['txtemail']."',";
                                        $std=$std."'".$_POST['txtadd']."',";
                                        $std=$std."'".$_POST['txtCN']."')"; 

                                        if(mysqli_query($con,$std)) {
                                            echo"success";
                                        }
                                        else{
                                            echo"fail to register";
                                        }

                                }

                    }
                    else{
                        echo"<form>";
                        echo "Password doesn't match. Try registering again.";
                        echo "<input type=submit formaction=register.php value=back>";
                        echo"</form>";
                    }
                }

?>

10
  • 3
    Can you add the code where you try to write these to the database? Commented Oct 3, 2013 at 14:51
  • 1
    You should check for any PHP errors or MySQL errors. There's likely an error message somewhere telling you exactly what's wrong. Also, your code is wide open to SQL injection attacks. You'll want to read and understand this: php.net/manual/en/security.database.sql-injection.php Commented Oct 3, 2013 at 14:51
  • 1
    That should be your database connection error. Paste your complete code here. Commented Oct 3, 2013 at 14:52
  • There are numerous things to check but the most likely cause(s) are: misspelled column names, misspelled table name, a column is set to NOT NULL and you are passing it an empty variable, variable length exceeds varchar allowed in DB. Good Luck! Commented Oct 3, 2013 at 14:54
  • 1
    You're not escaping any of your inputs. Not only does this open you to SQL injection but it could break your SQL. Post the actual SQL being passed to your DB and I bet you see a problem that's not being escaped. Commented Oct 3, 2013 at 14:57

1 Answer

3

First, the way you are building your queries is very prone to errors and SQL Injections.

How about something a little cleaner such as:

$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$stmt = $db->prepare("INSERT INTO table(field1,field2,field3,field4,field5) VALUES(:field1,:field2,:field3,:field4,:field5)");
$stmt->execute(array(':field1' => $field1, ':field2' => $field2, ':field3' => $field3, ':field4' => $field4, ':field5' => $field5));

And make sure to check error messages.


3 Comments

what does PDO mean sir?
@benarylagadan read this as well: wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
@benarylagadan Click here for a basic tutorial on MySQLi - it's the best advice I can give you. Plus do yourself a favor, use Google and search for "MySQLi tutorial". You will thank me for it ;-)
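
The answer's prepared-statement pattern applied to the question's two INSERTs, as an added example that is not part of the original answer or its comments: both statements run in one transaction, so a failure in either leaves neither row behind. The function name registerInstructor, the in-memory SQLite database and the sample form values are assumptions made for the demo, and hashing the password with password_hash is an addition that the question's code does not have.

```php
<?php
// Added example (not from the original post): both INSERTs from the question,
// run as PDO prepared statements inside one transaction.
function registerInstructor(PDO $db, array $post): bool
{
    // Reject a calendar-invalid birth date instead of concatenating it blindly.
    if (!checkdate((int)$post['month'], (int)$post['day'], (int)$post['year'])) {
        return false;
    }
    $bdate = sprintf('%04d-%02d-%02d', $post['year'], $post['month'], $post['day']);

    $db->beginTransaction();
    try {
        $usr = $db->prepare(
            'INSERT INTO tbluser(username,password,type) VALUES(:u,:p,:t)');
        $usr->execute([
            ':u' => $post['txtuname'],
            // Assumption: the password column is wide enough to hold a hash.
            ':p' => password_hash($post['txtpass'], PASSWORD_DEFAULT),
            ':t' => 'ins',   // fixed by this code path, not copied from the form
        ]);
        $ins = $db->prepare(
            'INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate)
             VALUES(:ln,:fn,:mn,:addr,:cn,:email,:bdate)');
        $ins->execute([
            ':ln' => $post['txtLN'], ':fn' => $post['txtFN'], ':mn' => $post['txtMN'],
            ':addr' => $post['txtadd'], ':cn' => $post['txtCN'],
            ':email' => $post['txtemail'], ':bdate' => $bdate,
        ]);
        $db->commit();       // both rows are written, or neither
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        error_log($e->getMessage());  // real cause goes to the log, not the page
        return false;
    }
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbluser(username TEXT, password TEXT, type TEXT)');
$db->exec('CREATE TABLE tblins(insLN TEXT, insFM TEXT, insMN TEXT, insadd TEXT,
           insCN TEXT, insemail TEXT, insbdate TEXT)');
$post = ['txtuname' => "o'brien", 'txtpass' => 'x', 'year' => '1990', 'month' => '2',
         'day' => '14', 'txtLN' => "O'Brien", 'txtFN' => 'Pat', 'txtMN' => 'Q',
         'txtadd' => '1 Main St', 'txtCN' => '555-0100', 'txtemail' => 'p@example.com'];
var_dump(registerInstructor($db, $post));
var_dump((int)$db->query('SELECT COUNT(*) FROM tbluser')->fetchColumn());
```

The constructed surname contains a single quote, the kind of input that breaks a concatenated query; bound as a parameter it is stored as plain data.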
