Updated
This is the whole code.
Still i do not have a value in the text field "user" but i have in all others.
I print the values before adding them to the db ( deleted it from the original code already - i have all values instead the one in the user field )
This is a testing environment.
What I have issues with, is the following:
the field "user" is a field containing text and for some reason the $_post do not contain it.
all the others variables from the number fields are carried in $_post[field_name], but not the text field.
Do you have any idea how to fix this?
I tried with using html special char, but still no results.
Thanks in advance for the help !
this is the html
<html><head><title>MySQL Table Viewer</title></head><body>
<form action="submit.php" method="POST">
Day: <input type="number" name="day"/> Month: <input type="number" name="mont"/> Year: <input type="number" name="year"/>
<br> <br>
Start Hour:<br>
<input type="number" name="shour"/>
<br>
End Hour:<br>
<input type="number" name="ehour"/>
Agent: <input type="text" name="user" value=""/>
<input type="submit" class="button" name="submit" value="submit" />
</form>
</body></html>
this is the php
<html>
<body>
<?php
$day = mysql_real_escape_string($_POST['day']);
$mont= mysql_real_escape_string($_POST['mont']);
$year = mysql_real_escape_string($_POST['year']);
$shour = mysql_real_escape_string($_POST['shour']);
$ehour = mysql_real_escape_string($_POST['ehour']);
$user = mysql_real_escape_string($_POST['user']);
$con = mysql_connect("localhost","root","samokow");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("reservations", $con);
$sql="INSERT INTO reservations (day, mont, year, shour, ehour, user)
VALUES ('$day', '$mont','$year', '$shour','$ehour','$user')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Booking done." ;
mysql_close($con);
?>
</body>
</html>
You're quoting your $_POST[] you should do it like this:
$sql="INSERT INTO reservations (day, mont, year, shour, ehour, user) VALUES (".mysql_real_escape_string($_POST['day']).", ".mysql_real_escape_string($_POST['mont']).",".mysql_real_escape_string($_POST['year']).", ".mysql_real_escape_string($_POST['shour']).",".mysql_real_escape_string($_POST['shour']).",".mysql_real_escape_string($_POST['user'])."))";
this should work.
You don't have to qoute variables such as post in your query but instead use mysql_real_escape_string
EDIT:
Your year tag is invalid you end it with an $, and in your query you're getting shour 2 times
`Year: <input type="number" name"year"$`
Should be: Year: <input type="number" name="year">
$_POST[day]', '$_POST[mont]','$_POST[year]', '$_POST[shour]','$_POST[shour]'
shouldn't the second shour be ehour?
I hope this code is for testing purposes only?
Paste all of this in the same page!
<form method="POST">
Day: <input type="number" name="day" />
Month: <input type="number" name="mont" />
Year: <input type="number" name="year" />
Start Hour: <input type="number" name="shour" />
End Hour: <input type="number" name="ehour" />
Agent: <input type="text" name="user" />
<input type="submit" class="button" name="submit" value="submit" />
</form>
Before including the $_POST values in your database, you should use mysql_real_escape_string() Just like the others said.
ALSO, you will have to use mysqli or PDO because mysql_query() is deprecated.
if(isset($_POST['submit'])){
$day = mysql_real_escape_string($_POST['day']);
$mont= mysql_real_escape_string($_POST['mont']);
$year = mysql_real_escape_string($_POST['year']);
$shour = mysql_real_escape_string($_POST['shour']);
$ehour = mysql_real_escape_string($_POST['ehour']);
$user = mysql_real_escape_string($_POST['user']);
$sql="INSERT INTO reservations (`day`, `mont`, `year`, `shour`, `ehour`, `user`) VALUES ('$day', '$mont','$year', '$shour','$shour','$user')";
}
I would recommend to provide a valueparameter in the input tag as well:
.... Agent: <input type="text" name="user" value="">
some browsers are picky about that (MS IE ...?)
Try this :
$day = mysql_real_escape_string($_POST['day']);
$mont= mysql_real_escape_string($_POST['mont']);
$year = mysql_real_escape_string($_POST['year']);
$shour = mysql_real_escape_string($_POST['shour']);
$ehour = mysql_real_escape_string($_POST['ehour']);
$user = mysql_real_escape_string($_POST['user']);
$sql="INSERT INTO reservations (day, mont, year, shour, ehour, user) VALUES ('$day', '$mont','$year', '$shour','$shour','$user')";
you need to put the row in quotes like this:
$_POST['user']
Related
No matter how many sites I go to to try and get this to work, it still doesn't. I am unable to have the data that has been entered end up in the database. The form submits, but doesn't come back with an error. When looking in phpMyAdmin, there are no records. I've tweaked it a million times with no luck. Can a second set of eyes show me what I'm doing wrong?
Thanks!!
Tim
<body>
<form action="insert.php" method="post"><br>
Date: <input type="text" name="date" id="date"><br>
Time: <input type="text" name="time" id="time"><br>
City: <input type="text" name="city" id="city"><br>
Fire Dept: <input type="text" name="fire" id="fire"><br>
Address: input type="text" name="addy" id="addy"><br>
Call Type/Level <input type="text" name="level" id="level"><br>
Description: <input type="text" name="desc" id="desc"><br>
Units: <input type="text" name="units" id="units"><br>
Submitted by: <input type="text" name"who" id="who"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
if (isset($_POST['submit'])){
$db=mysql_connect("", "", "");
$mydb=mysql_select_db("rm911_incidents");
$date=$_Post['date'];
$time=$_Post['time'];
$city=$_Post['city'];
$fire=$_Post['fire'];
$addy=$_Post['addy'];
$level=$_Post['level'];
$desc=$_Post['desc'];
$units=$_Post['units'];
$who=$_Post['who'];
$sql = "INSERT INTO incidents(date,time,city,fire,addy,level,desc,units,who)
VALUES
('$date','$time','$city','$fire','$addy','$level','$desc','$units','$who')";
$result = mysql_query($sql);
if($result)
{
echo "<br>Input data is successful";
}
else
{
echo ("<br>Input data has failed");
}
}
?>
Okay, so I have fixed the error that Leo mentioned (Thank you!), however that was not the problem either. The errors that I am getting using the error reporting that you provided are: Undefined index: xxx... (xxx being every field name in the db). I have an 'id' field in the db, auto_increment-ing - did I forget to set that as the index?
The POST data is stored in the $_POST array, not the $_Post array. You should get a Notice on the undefined variable in your server log or in the browser (if PHP messages are sent to the browser).
The problem is in your post array name $_Post
$date=$_Post['date'];
$time=$_Post['time'];
$city=$_Post['city'];
$fire=$_Post['fire'];
$addy=$_Post['addy'];
$level=$_Post['level'];
$desc=$_Post['desc'];
$units=$_Post['units'];
$who=$_Post['who'];
Instead of $_Post you should use $_POST. Also, you can do
var_dump($_POST);
at the top of php file, so you will be able to see what the form sends to your script.
Regards
changed a few things, this should work.. if it doesnt is most likely an issue with your db
<html>
<body>
<form action="insert.php" method="POST"><br> <!-- method POST-->
Date: <input type="text" name="date" id="date"><br>
Time: <input type="text" name="time" id="time"><br>
City: <input type="text" name="city" id="city"><br>
Fire Dept: <input type="text" name="fire" id="fire"><br>
Address: <input type="text" name="addy" id="addy"><br>
Call Type/Level <input type="text" name="level" id="level"><br>
Description: <input type="text" name="desc" id="desc"><br>
Units: <input type="text" name="units" id="units"><br>
Submitted by: <input type="text" name="who" id="who"><br> <!-- name"who" changed -->
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
if (isset($_POST['submit'])) {
$db=mysql_connect("", "", "") or die ("Cant connect");
$mydb=mysql_select_db("rm911_incidents") or die ("Cant find db");
$date = $_POST['date']; //_POST not _Post
$time = $_POST['time'];
$city = $_POST['city'];
$fire = $_POST['fire'];
$addy = $_POST['addy'];
$level = $_POST['level'];
$desc = $_POST['desc'];
$units = $_POST['units'];
$who = $_POST['who'];
$sql = "INSERT INTO incidents ( date , time, city , fire , addy , level , desc , units , who )
VALUES ( '$date' , '$time' , '$city' , '$fire' , '$addy' , '$level' , '$desc' , '$units' , '$who' )";
$result = mysql_query($sql) or die ("Cant insert");
if($result)
{
echo "<br>Input data is successful";
}
else
{
echo "<br>Input data has failed";
}
}
?>
Also you're missing an opening square bracket:
Address: input type="text" name="addy" id="addy"><br>
Should be:
Address: <input type="text" name="addy" id="addy"><br>
Try doing this in your php file at the very top after the <?php:
//error reporting set to all
error_reporting(E_ALL);
ini_set('display_errors', 'On');
Also place your php code before your html.
You should see errors being outputted and be able to debug it.
Post the errors here if you need help.
can you check if Submitted by: <input type="text" name"who" id="who"><br> is causing error..
it should be Submitted by: <input type="text" name="who" id="who"><br>
If this doesnt help.. Try running a static insert query in your php file and check if its working...
Regards,
Leo
I have an HTML form with several various text and checkbox fields. I have the text fields posting to the correct table but the checkbox responses are not posting at all (intended to post to a separate table).
Here's my HTML form:
<!Doctype html>
<html>
<?php include 'C:\xampp\htdocs\paxdb\head.php';
include 'config/menu.php';?>
<div id="dataentry">
<!--This section is the demographic text field area-->
<form method="post" action="dataentered.php">
First Name: <input type="text" id="First_Name" name="First_Name"/></br>
</br>
Last Name: <input type="text" id="Last_Name" name="Last_Name"/></br>
</br>
E-mail: <input type="text" id="email" name="email"/></br>
</br>
<!--This section is the age range checkbox selection area-->
<p><u><b>Age Range</b></u></p>
<input type="checkbox" name="age[]" id="20-25" value="1"/> 20-25</br>
<input type="checkbox" name="age[]" id="26-30" value="1"/> 26-30</br>
<input type="checkbox" name="age[]" id="31-35" value="1"/> 31-35</br>
<input type="checkbox" name="age[]" id="36-40" value="1"/> 36-40</br>
<input type="checkbox" name="age[]" id="41-45" value="1"/> 41-45</br>
</div>
<p><u><b>What City or region would you like to visit in the US or Canada?:</b></u></p>
<textarea name="comment2" rows="4" cols="50"></textarea>
<?php include 'footer.php';?>
</div>
</body>
</html>
and here is the PHP code I am trying but only have the text fields working:
<html>
<?php
$host="localhost";
$username="someusername";
$password="somepassword";
$dbname="somedbname";
$dbc = mysql_connect($host, $username, $password, $dbname);
if (!$dbc)
{
die('Error connecting to MySQL server' . mysql_error());
}
mysql_select_db($dbname, $dbc);
//send pax data to pax database table
$first_name=$_POST['First_Name'];
$last_name=$_POST['Last_Name'];
$email=$_POST['email'];
mysql_query("INSERT INTO pax (First_Name, Last_Name, email)
VALUES('$first_name','$last_name','$email')");
//send age checkbox data to age database table
$age = $_POST['age'];
foreach($age as $range) mysql_query("INSERT INTO age ($age) VALUES ('$range')") or die (mysql_error());
mysql_close($dbc);
Any help is appreciated.
EDIT To clarify: the mysql table 'age' has the following fields:
age_id (key),
pax_id (index for the text field data at the beginning of the form),
20-25
26-30
and so on through the age ranges.
before you try to actually run mysql queries, you should test to make sure the queries youre constructing have the correct information in them.
You could do something like this to quickly check:
foreach($age as $range) {
print "INSERT INTO age ($age) VALUES ('$range')";
}
Also, you shouldn't be sticking $_POST data straight into your queries, someone could easily write SQL code into a field and delete your database. Look up the topic of "mysql input sanitation"
I have edited the code for you
<!Doctype html>
<html>
<?php include 'C:\xampp\htdocs\paxdb\head.php';
include 'config/menu.php';?>
<div id="dataentry">
<!--This section is the demographic text field area-->
<form method="post" action="dataentered.php">
First Name: <input type="text" id="First_Name" name="First_Name"/></br>
</br>
Last Name: <input type="text" id="Last_Name" name="Last_Name"/></br>
</br>
E-mail: <input type="text" id="email" name="email"/></br>
</br>
<!--This section is the age range checkbox selection area-->
<p><u><b>Age Range</b></u></p>
<!-- Change your checkbox value -->
<input type="checkbox" name="age[]" id="20-25" value="20-25"/> 20-25</br>
<input type="checkbox" name="age[]" id="26-30" value="26-30"/> 26-30</br>
<input type="checkbox" name="age[]" id="31-35" value="31-35"/> 31-35</br>
<input type="checkbox" name="age[]" id="36-40" value="36-40"/> 36-40</br>
<input type="checkbox" name="age[]" id="41-45" value="41-45"/> 41-45</br>
</div>
<p><u><b>What City or region would you like to visit in the US or Canada?:</b></u></p>
<textarea name="comment2" rows="4" cols="50"></textarea><br/>
<input type="submit" name="submit" value="Submit"/>
<?php include 'footer.php';?>
</div>
</body>
</html>
You cannot insert the array($age) directly into the database as you have done in INSERT statement...One of the solution that i did is convert the array into string and then insert it into database as shown...
<?php
$host="localhost";
$username="someusername";
$password="somepassword";
$dbname="somedbname";
$dbc = mysql_connect($host, $username, $password, $dbname);
if (!$dbc)
{
die('Error connecting to MySQL server' . mysql_error());
}
mysql_select_db($dbname, $dbc);
//send pax data to pax database table
$first_name=$_POST['First_Name'];
$last_name=$_POST['Last_Name'];
$email=$_POST['email'];
mysql_query("INSERT INTO pax (First_Name, Last_Name, email)
VALUES('$first_name','$last_name','$email')");
//send age checkbox data to age database table
$age = $_POST['age'];
$my_range = "";
foreach($age as $range)
$my_range = $my_range . $range . " ";
//You have written this query wrong
mysql_query("INSERT INTO age(age) VALUES ('$my_range')") or die (mysql_error());
mysql_close($dbc);
While retrieving it from the database you can use expode() to get each age range...Here is the sample code
$range_string = "20-25 26-30 31-35";
$range_array = explode(" ", $range_string);
echo $range_array [0]; // 20-25
echo $range_array [1]; // 26-30
echo $range_array [2]; // 31-35
You might also want to look at http://www.html-form-guide.com/php-form/php-form-checkbox.html for some information on checkboxes...
Hope this helps
How do you create a javascript button to take the information from the form to the php sql:
<form>
<input type="text" placeholder="Name" name="name" class="name" /></br>
<input type="text" placeholder="Phone Number" name="number" class="number"/></br>
<input type="text" placeholder="Location " name="location" class="location"/></br>
<input type="submit" value="Add Booking" />
</form>
?php
$name = $_GET['name'];
$number = $_GET['number'];
$location = $_GET['location'];
$con = mysql_connect(".....",".....",".....");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
("chanh", $con);
$sql ="INSERT INTO book (name, number, location,timestamp)
VALUES ('$name', '$number','$location',NOW())";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added"
mysql_close($con);
?>
Any help would be appreciated as I am just a rookie! Thanks
You just need to specify where you form will be submitted
<form action="submit.php" method="get">
<input type="text" placeholder="Name" name="name" class="name" /></br>
<input type="text" placeholder="Phone Number" name="number" class="number"/></br>
<input type="text" placeholder="Location " name="location" class="location"/></br>
<input type="submit" value="Add Booking" />
</form>
Javascript is only needed here if you want to perform some sort of validation
NOTE
Avoid adding variables directly to your query, you will be vulnerable to SQL injection.
Here is what you can do:
$con = mysql_connect(".....",".....",".....");
$name = mysql_real_escape_string($_GET['name']);
$number = mysql_real_escape_string($_GET['number']);
$location = mysql_real_escape_string($_GET['location']);
create an , then set that when the button is clicked, the form is submitted. ie
but = document.getElementById('clickButton');
formToSubmit = document.getElementById('myForm');
but.onclick = function(){
formToSubmit.submit();
};
You don't need JavaScript to submit a form. It looks like you're just missing the < from <?php for now.
You could explicitly specify the action and method on the form HTML element, but if you don't it's a GET request and it will submit to the current URL (Web address).
Really, if you're doing something other than fetching data (like a search), your form should be using a HTTP POST, not a GET. For more understanding of why this kind of thing matters, see What should every programmer know about web development. However, that is a very big topic!
You just need to postback the form, in other words, set an action on the form as in:
<form id="mainForm" action="process.php" method="post">..
And add an onclick handler on the button as follows:
<input type="submit" value="Add Booking" onclick="javascript:document.getElementById('mainForm').submit();" />
However, not that I set the method to post; this will require your PHP code to change to:
$name = $_POST['name'];
$number = $_POST['number'];
$location = $_POST['location'];
Using POST in this case may not be necessary but you need to be aware that using GET will encode the form parameters in the URL as in process.php?name=value&numner=value... and some of this information may be sensitive and therefore, desirable to be submitted to the server in the body of the HTTP request as opposed to transmitted encoded in the URL.
I have done my research but have found nothing specific enough to my problem
I have an HTML form, asking for data, then a php script that is suppose to put the data in a mysql database
When i try it on my localhost, i dont get any errors
but when i check on phpmyadmin, there is no new data
the html:
<html>
<head>
<form action="insert.php" method="post">
ID: <input type="text" name="ID"><br>
Family ID: <input type="text" name="Family_ID"><br>
First Name: <input type="text" name="First_Name"><br>
Last Name: <input type="text" name="Last_Name"><br>
Gender: <input type="text" name="Gender"><br>
Birthday: <input type="text" name="Birthday"><br>
Birthplace: <input type="text" name="Birthplace"><br>
Father ID: <input type="text" name="Father_ID"><br>
Mother ID: <input type="text" name="Mother_ID"><br>
Maiden Name: <input type="text" name="Maiden_Name"><br>
Mariage ID: <input type="text" name="Mariage_ID"><br>
Deathdate: <input type="text" name="Deathdate"><br>
Deathplace: <input type="text" name="Deathplace"><br>
Grave Location: <input type="text" name="Grave_Location"><br>
Email: <input type="text" name="Email"><br>
Phone: <input type="text" name="Phone"><br>
Address: <input type="text" name="Adress"><br>
Bio: <input type="text" name="Bio"><br>
Studies: <input type="text" name="Travail"><br>
Travail: <input type="text" name="Travail"><br>
Photo: <input type="text" name="Photo"><br>
Fete: <input type="text" name="Fete"><br>
<input type="Submit">
</form>
</head>
<body>
</body>
</html>
the php:
$username='root';
$password='121395';
$database='genealogy';
mysql_connect("localhost",$username,$password);
#mysql_select_db($database) or die( 'Unable to select database');
echo "Connected to MySQL";
$ID=mysql_real_escape_string($_POST['ID']);
$Family_ID=mysql_real_escape_string($_POST['Family_ID']);
$First_Name=mysql_real_escape_string($_POST['First_Name']);
$Last_Name=mysql_real_escape_string($_POST['Last_Name']);
$Gender=mysql_real_escape_string($_POST['Gender']);
$Birthday=mysql_real_escape_string($_POST['Birthday']);
$Birthplace=mysql_real_escape_string($_POST['Birthplace']);
$Father_ID=mysql_real_escape_string($_POST['Father_ID']);
$Mother_ID=mysql_real_escape_string($_POST['Mother_ID']);
$Maiden_Name=mysql_real_escape_string($_POST['Maiden_Name']);
$Mariage_ID=mysql_real_escape_string($_POST['Mariage_ID']);
$Deathdate=mysql_real_escape_string($_POST['Deathdate']);
$Deathplace=mysql_real_escape_string($_POST['Deathplace']);
$Grave_Location=mysql_real_escape_string($_POST['Grave_Location']);
$Email=mysql_real_escape_string($_POST['Email']);
$Phone=mysql_real_escape_string($_POST['Phone']);
$Address=mysql_real_escape_string($_POST['Adress']);
$Bio=mysql_real_escape_string($_POST['Bio']);
$Travail=mysql_real_escape_string($_POST['Travail']);
$Photo=mysql_real_escape_string($_POST['Photo']);
$Fete=mysql_real_escape_string($_POST['Fete']);
$query = "INSERT INTO bouan (ID, Family_ID, First_Name, Last_Name, Gender, Birthday,
Birthplace, Father_ID, Mother_ID, Maiden_Name, Mariage_ID,Deathdate, Deatchplace,
Grave_Location, Email, Phone, Adress, Bio, Travail, Photo, Fete) VALUES
('$ID','$Family_ID','$First_Name','$Last_Name','$Gender','$Birthday','$Birthplace',
'$Father_ID','$Mother_ID','$Maiden_Name','$Mariage_ID','$Deathdate','$Deathplace',
'$Grave_Location','$Email','$Phone','$Address','$Bio','$Travail','$Photo','$Fete')";
mysql_query($query) or die ("Error updating database");
mysql_error();
mysql_close();
All i get in return is:
Connected to MySQLError updating database
whats wrong? (i HAVE done my research, over 2 days fyi)
im sorry that im new to this, cant help it
You should probably
provide mysql_query with the real query
sanitize data before feeding it to sql
use {$_POST['whatever']} when you want to embed it into a string
check the return value of mysql_query
learn a thing or two.
Your first approach looks fine, but for security reasons fetch the posted variables like below $ID=mysql_real_escape_string($_POST['ID']);
mysql_real_escape_string() method will remove the unwanted characters and makes it secure.
At the end try to print the query which you are executing using echo or print statement.
echo $query;
Execute the result on your phpmyadmin. Phpmyadmin will let you know what are the errors in your mysql query and following those instructions you can change your query.
Debugging can be done by printing the results after each line execution wherever you feel something is going wrong.
Use mysql_error() to receive last error. Also I see potential bug in your query:
'`$ID`','`$Family_ID`','`$First_Name`' -- you may try to remove ` sign
try to do these 2 things, first add value attribute to your all input elements
e.g)
<input type="text" name="Family_ID" value="">
because it will not get into $_POST variable if you send blank value in the text box with no value attribute
try to add filed names so that you can track map with values and remove
`
from your field and value.
I have the code below:
<html><body>
<?php
$con = mysql_connect("localhost","will","blahblah");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("blahblah", $con);
$sql="INSERT INTO links (link, notes, username)
VALUES
('$_POST[link]','$_POST[notes]','$_POST[username]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 link added";
mysql_close($con)
?>
</body></html>
It should insert a link and notes and a username into my database but it doesn't. I am clueless as to why and would appreciate some help with it! It is getting these values from the form below:
<div id="stylized" class="myform">
<form id="form" name="form" method="post" action="user.php">
<label>Username
<span class="small">Enter Your Username</span>
</label>
<input type="text" name="name" id="username" />
<label>Link
<span class="small">Paste Your Link</span>
</label>
<input type="text" name="email" id="link" />
<label>Notes
<span class="small">Add Some Notes</span>
</label>
<input type="text" name="password" id="notes" />
<button type="submit"></button>
<div class="spacer"></div>
</form>
</div>
Thanks!
I see at least three problems, with your code :
First, when injecting strings into an SQL query, you must escape it, using mysql_real_escape_string() :
$link = mysql_real_escape_string($_POST['link']);
$notes = mysql_real_escape_string($_POST['notes']);
$username = mysql_real_escape_string($_POST['username']);
$sql="INSERT INTO links (link, notes, username)
VALUES ('$link','$notes','$username')";
Third, in your PHP code, you must use the name attribute of your input fields -- and not their id attributes.
Considering your HTML code looks like this :
<input type="text" name="name" id="username" />
<input type="text" name="email" id="link" />
<input type="text" name="password" id="notes" />
You should work with :
$_POST['name'], and not $_POST['username']
$_POST['email'], and not $_POST['link']
$_POST['password'], and not $_POST['notes']
Note : using a name and an id that are that different leads to troubles ;-)
So, to summarize, your code should look a bit more like this :
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$name = mysql_real_escape_string($_POST['name']);
$sql="INSERT INTO links (link, notes, username)
VALUES ('$email','$password','$name')";
Note : you should use the same names for the input fields, and the fields in the table -- it would make your code easier to understand.
Replace it :
$sql="INSERT INTO links (link, notes, username)
VALUES
('$_POST[link]','$_POST[notes]','$_POST[username]')";
with:
$sql="INSERT INTO links (link, notes, username)
VALUES
('". mysql_escape_string($_POST['name']) ."','".
mysql_escape_string($_POST['email']) ."','".
mysql_escape_string($_POST['password']) ."')";
Note that POST variables you're trying to use in Your query are completely different from those on your form
The indexes of POST variables must match the names of the form items.
So either write:
<input type="text" name="link" id="link" /> or use $_POST[email]
Adapt for the other variables.
id attributes are meaningless when submitting the form. You probably want to swap the name and id attributes.
Currently, $_POST['name'], $_POST['email'] and $_POST['password'] are being submitted instead of $_POST['username'], $_POST['link'] and $_POST['notes'].
Your code is also vulnerable to SQL injection.
The items in $_POST are indexed by name attribute, not by id.