INSERT INTO mysql - text works, strings do not??? 3

[Followyourbliss]

<?php
$user = "followyo_New";
$pass = "New";
$user_name = $_POST['user_Name'];
$user_email = $_POST['user_Email'];
echo ($user_name);
echo ($user_email);
$conn = mysql_connect( "localhost", $user, $pass);
$rs_db = mysql_select_db("followyo_mysql_db",$conn);
$sql = "insert into php_game_play(player_Name, player_Email) values('$user_name','$user_email')";
$rs = mysql_query($sql, $conn);
?>

I have seen many posts regarding this issue (I searched, FAQ & online manuals) Yet no one has posted if the suggestions offered work for them.
All I'm trying to do is update a table based on user input. Why doesn't this work? It should be straight forward. I have tried every combination of ' or " and [ or ( Capital letters and lower case - I don't get it.

Thank you in advance for your time.

 

[BabyJeffy]

I have taken your code and massaged it into the same format I tend to use. I cannot test against your database/passwords etc -- but the syntax ought to be fine.

<?php 
/* you could place this into an include file */
$my_serverName = "localhost";
$my_userName = "followyo_New";
$my_password = "New";
$my_database = "followyo_mysql_db";
$link = @mysql_connect($my_serverName, $my_userName, $my_password);
mysql_select_db($my_database);

/* safely gather the post data */
$user_name = $user_email = '';
if (isset($_POST['user_Name'])) $user_name = $_POST['user_Name'];
if (isset($_POST['user_Email'])) $user_email = $_POST['user_Email'];
echo "\nuser_name = ".$user_name;
echo "\nuser_email = ".$user_email;

/* insert the post data into the database */
mysql_query("INSERT INTO php_game_play (player_Name, player_Email) VALUES ('$user_name','$user_email');");
echo "\nmysql_errno() = ".mysql_errno();
?>

The code echos out any mySQL error at the end -- this could be useful to you in debugging the code further ("0" means all went well).

I have taken the liberty to tidy variable names and the structure a little bit -- everyone codes differently and that's fine

Don't forget to close the database connection when you are done...

<?php mysql_close($link); ?>

Cheers,
Jeff

 

[herman75]

You could try Jeffs code. For testing it is nice, although I wouldn't want to echo my mysql errors on a live site. Too easy for hackers to figure out how my site works then.

I didn't see anything wrong with your code either though. Did you try to echo the query and copy-paste it into phpMyAdmin to see the error-message? Maybe you are trying to enter a user with a name that allready exists, while the username should be unique?

 

[DRJ478]

Also, there is another often underestimated problem in the MySQL scenario, for example people of Irish or Italian descent:
D'Allesandro, O'Brien, O'Malley etc.
String values should use mysql_real_escape_string to avoid the SQL breaking when the passed value contains a single quote.
In general, I see that there is no validation for the username: never trust user input. Make sure it is either escaped or disallow specific chars.

 

[Followyourbliss]

DRJ - Great point! That's something I wouldn't have thought of and needs to be taken into consideration.

herman - You're absolutly right, but this is no where near ready to go live. I'm just learning through game development

BabyJ - Thank you so much for posting the code in a format that works for you.

It looks like I'm getting an "1146" error returned.

I'll go looking for more info on this error. If you have any additional insite please let me know. My brain hurts.

Thanks again!

 

[Followyourbliss]

1146 = missing table.
Sure enough the table was mis-spelled.
And...now it works! Error Trapping!!! What a concept.
I'm going to try my original code (with the table name spelled correctly) and see if there was anything wrong with my syntax.

Thank you again, everyone. This is a wonderful resource someday I hope I can give back to it.