I need to automatically set the ID column of a row in the database and I would like some help in figuring out how to do that, because at the moment I have to assign an ID through an input field.
PHP
<?php
//include db configuration file
include 'connection.php';
function user_joined($user_id, $user_name, $user_age, $user_end){
$user_id = mysql_real_escape_string(htmlentities($user_id));
$q = "INSERT INTO evenement (id, title, start, end) VALUES
('" . $user_id . "', '" . $user_name . "', '" . $user_age . "', '" . $user_end . "')";
mysql_query($q);
echo $user_id;
}
if(isset($_POST['user_id'], $_POST['user_name'], $_POST['user_age'], $_POST['user_end'], $_POST['action'])){
$user_id = $_POST['user_id'];
$user_name = $_POST['user_name'];
$user_age = $_POST['user_age'];
$user_end = $_POST['user_end'];
$action = $_POST['action'];
if ($action == 'joined'){
user_joined($user_id, $user_name, $user_age, $user_end);
}
}
?>
HTML form
<form class="form-inline">
<div id="d1" title="Maak afspraak aan" style="display: none">
<div class="control-group">
<label class="control-label">Gebruikers id:</label>
<div class="controls">
<input type="text" name="userid" placeholder="Gebruikers ID" id="id" />
</div>
</div>
<div class="control-group">
<label class="control-label">Title:</label>
<div class="controls">
<input type="text" name="username" placeholder="Titel" id="name" />
</div>
</div>
<div class="control-group">
<label class="control-label">Starttijd:</label>
<div class="controls">
<input type="text" name="userstart" placeholder="Starttijd" id="start" />
</div>
</div>
<div class="control-group">
<label class="control-label">Eindtijd:</label>
<div class="controls">
<input type="text" name="userend" placeholder="Eindtijd" id="end" />
</div>
</div>
</div>
</div>
</form>
Use the AUTO_INCREMENT attribute in combination with PRIMARY KEY to set the ID automatically. You can return this ID with SCOPE_IDENTITY(), or if you'd switch to a better PHP SQL option, you could use PDO::lastInsertID to get the latest ID.
I would also like to warn you that you have a pretty serious SQL injection problem, which you could fix by using prepared statements and perhaps an extra preg_replace to strip all unwanted characters from the query and table in general. You should totally go and learn a little bit more about preventing SQL injections. There are great topics here that are dedicated to the subject and I made a list of these articles to you:
stackoverflow.com - How can I prevent SQL injection in PHP
php.net - SQL Injection
I would also like to refer you to switch over to MySQLi or PHP PDO, because you are currently using the deprecated MySQL database extension.
Related
My PHP/SQL script does not work on the new table I cloned but works perfectly fine on the table I copied the new table from using this:
SELECT * INTO slide FROM news
Here's my insert form:
<div class="the-form" style="width:100%;">
<form class="userTrans" method="post">
<input type="hidden" name="act_userTrans" value="__insertNews_">
<p>
<label for="title">Title:</label>
<input type="text" name="title" id="title">
</p>
<p>
<label for="type">News Type:</label>
<input type="text" name="type" id="type">
</p>
<p>
<label for="autor">Author:</label>
<input type="text" name="autor" id="autor">
</p>
<input type="text" name="text2" id="text2">
<p class="form-footer">
<button class="button userTrans" style="background-color: #DB6D1D;">Publish News</button>
</p>
</form>
</div>
And here's my edit form:
<div class="the-form" style="width:100%;">
<form class="userTrans" method="post">
<input type="hidden" name="act_userTrans" value="__updateNews_">
<p>
<label for="title">Title:</label>
<input type="text" name="title" id="title" value="<?=$edit[title]?>"/>
</p>
<p>
<label for="type">News Type:</label>
<input type="text" name="type" id="type" value="<?=$edit[type]?>"/>
</p>
<p>
<label for="autor">Author:</label>
<input type="text" name="autor" id="autor" value="<?=$edit[autor]?>"/>
</p>
<input type="text" name="text2" id="text2" value="">
<input type="hidden" name="id" value="<?=$edit[id]?>">
<p class="form-footer">
<button class="button userTrans" style="background-color: #DB6D1D;">Publish News</button>
</p>
</form>
</div>
Here's my process for updating & inserting my two different forms:
if($activity == "__insertNews_")
{
$title = htmlspecialchars($_POST['title']);
$autor = htmlspecialchars($_POST['autor']);
$type = (int)$_POST['type'];
if(empty($_POST['type']) || empty($_POST['autor']) || empty($_POST['title']) || empty($_POST['text2']))
{
echo response(0,'Fill up all the forms.',0);
exit();
}
//echo $_POST[text2];
$news = mssql_query("INSERT INTO DB1.dbo.news (title,text,type,autor) VALUES ('$title','$_POST[text2]','$type','$autor') ");
echo response(1,'Publishing '.$title.' success!',0);
}
if($activity == "__updateNews_")
{
$title = htmlspecialchars($_POST['title']);
$autor = htmlspecialchars($_POST['autor']);
if(empty($_POST['autor']) || empty($_POST['title']))
{
echo response(0,'Fill up all the forms.',0);
exit();
}
$news = mssql_query("UPDATE DB1.dbo.news set title='$title',autor='$autor' WHERE id='$id' ");
echo response(1,'Editing '.$title.' success!',0);
}
So using those scripts above and i was able to INSERT & UPDATE any contents on dbo.news
However, when I change DB1.dbo.news to the new table I created ( DB1.dbo.slide ) the "INSERT" won't work.
I tried to add data using the same form & processing script, the "INSERT" won't work on dbo.slide but when I test it on dbo.news I'm able to insert data. I also tested UPDATE, and it's working on both dbo.slide and dbo.news.
Now I'm wondering, why is it that the SAME script for INSERT is working on other table but it does not work on the new one (dbo.slide). It's literally confusing because I did not change any codes, I just changed the table I'm inserting the data into and the INSERT function stopped working.
What's the best way to debug this and find out what is causing this issue?
mssql_query function no longer exist in newer php versions. i suggest you to work with PDO because one of it advantage for you is, reduce the commonly used insert and update operations and it's safe against malicious attacks and through SQL injection
But now, can't help you without DB1.dbo.slide columns and DB1.dbo.slide columns and your DB1.dbo.slide insert query.
So for main help, check DB1.dbo.slide columns and compare their with DB1.dbo.news. then rewrite your SQL query according to DB1.dbo.slide columns.
If your insert query worked for DB1.dbo.news, be sure your insert query for DB1.dbo.slide is not correct
SOLVED! I deleted all the cloned database and used the CREATE TABLE statement to recreate everything including primary keys, constraint, etc and now its working!
It seems that i shouldn't be using this to clone tables
SELECT * INTO slide FROM news
Thank you everyone for taking the time to reply, really appreciate it!
I am trying to send data from form but its sending the name in stead of value of the input box. File is uploading properly and the input box name is uploading too but I need to put the values.
<form action="intern.php" enctype="multipart/form-data" method="post" autocomplete="off">
<h3 class="register-heading">Want to be a <strong>learner Bee</strong>?</h3>
<div class="row register-form">
<div class="col-md-6">
<div class="form-group">
<input type="text" class="form-control" name="iname" placeholder="Your Certificates name" value="" required />
</div>
<div class="form-group">
<input type="text" class="form-control" maxlength="14" minlength="10" name="icon" placeholder="Your 24/7 opened Phone Number" value="" required />
</div>
<div class="form-group">
<input type="text" class="form-control" name="ildegree" placeholder="University you are graduating from" value="" required />
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="iaboutus" placeholder="What you know about us!" value="" required ></textarea>
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="iaddress" placeholder="Your present address " value="" required ></textarea>
</div>
<div class="form-group" >
<label class="form-control" for="iapply"><input name="icvfile" style=" border: 0; clip: rect(1px, 1px, 1px, 1px); height: 1px; margin: -1px; overflow: hidden; padding: 0; position: absolute; width: 1px;" type="file" name="" id="iapply" accept=".doc, .docx, .pdf, .png, .jpg, . ppt, .pptx" required>Click here to upload your CV</label>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<input class="form-control" name="inname" placeholder="Nick Name you like to called by" value="" required />
</div>
<div class="form-group">
<input type="email" name="iemail" class="form-control" placeholder="Your own mostly used Electronic mail" value="" required />
</div>
<div class="form-group">
<select class="form-control" name="icontrib" required>
<option class="hidden" selected disabled>How you can contribute us?</option>
<option>Graphic Design</option>
<option>Sales</option>
<option>Creative Idea Generation</option>
</select>
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="ixp" placeholder="Your past working experience in short" value="" required ></textarea>
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="ifgoal" placeholder="Where you want to see yourself after 10 years!" value="" required ></textarea>
</div>
<input type="submit" class="btnRegister" name="isubmit" value="Submit"/>
</div>
</div>
</form>
Upper one is the form that I need to filled. Just stuck somewhere, cannot find out.
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
header("Location: https://teambbc.asia/error.html");
}
$sql = "INSERT INTO Intern (Name, Contact, University, AboutUs, Address, NickName, Email, Contribution, Experience, FutureGoal) VALUES ('iname', 'icon', 'ildegree', 'iaboutus', 'iaddress', 'inname', 'iemail', 'icontrib', 'ixp', 'ifgoal')";
//Filename upload
$user=$_POST['inname'];
$cont=$_POST['icon'];
//$filename=basename($_FILES["file"]["name"]);
$tmp=$_FILES["icvfile"]["tmp_name"];
$extension = explode("/", $_FILES["icvfile"]["type"]);
$name=$user.".".$extension[1];
move_uploaded_file($tmp, "recruitment_cv/" . $user. "-" .$cont .".".$extension[1]);
if (mysqli_query($conn, $sql)) {
header("Location: https://teambbc.asia/congratulations.html");
} else {
echo "Error: " . $sql . "" . mysqli_error($conn);
header("Location: https://teambbc.asia/error.html");
}
$conn->close();
}
My connnection with database is okey, I am not thinking about that one.
Your Problem:
You are inserting Strings [ref] rather than Variables [ref] in to your SQL.
See:
$sql = "INSERT INTO Intern (Name, Contact, University, .... )
VALUES ('iname', 'icon', 'ildegree', .... )";
The values in 'quotes' are MySQL string literals. These values are NOT PHP variables. So they will be the same, no matter what variable data you give to PHP.
Solution Basics:
To fix this, you need to understand that when you submit a form the superglobals $_POST/$_GET and $_REQUEST are populated with the form data.
Example:
HTML:
<form action="intern.php" enctype="multipart/form-data" method="post" autocomplete="off">
<input type="text" class="form-control" name="iname" placeholder="Your Certificates name" value="" required />
<input type='submit' value='Button to submit the form'>
</form>
PHP:
if(!empty($_POST['iname'])){
print_r($_POST['iname']); // This will output the value entered into the form for the iname form element.
}
So Applying This To Your SQL:
You need to at a very basic level turn your strings into variables:
$sql = "INSERT INTO Intern (Name, Contact, University, .... )
VALUES ('".$_POST['iname']."', '".$_POST['icon']."', '".$_POST['ildegree']."', .... )";
BUT:
THIS IS DEEPLY INSECURE.
YOU MUST NEVER, EVER TRUST USER SUBMITTED DATA. EVER.
Reference and Reference
So how should you save this data safely, to your SQL table?
By using Prepared Statements; either PDO or MySQLi.
My example here will use Object Orientated MySQLi Prepared Statements:
$sql = "INSERT INTO Intern (Name, Contact, University) VALUES (?,?,?)";
$insert = $conn->prepare($sql);
/***
* See https://www.php.net/manual/en/mysqli-stmt.bind-param.php
* You can add multiple values at once:
***/
$insert->bind_param("sss", $_POST['iname'],$_POST['icon'],$_POST['ildegree']);
$insert->execute();
This will insert the data (example only three bits of data but you should get the idea), safely and easily into your database.
There is a lot I have missed out for simplicity and verboseness, so you should read up on how to use PDO/MySQLi proficiently.
NOTES:
One ? in the SQL string for each placeholder.
One value letter in the bind_param for each placeholder value. The value, and the corresponding value letter (i,s,d,b) MUST match the SQL column type (you can't insert string-type (s) values into integer-type columns (INT, TINYINT, etc.).
In MySQLi order is important, the first ? will relate to the first bind_param value (in the example codeblock above, $_POST['iname']).
Qualifier:
Some of your MySQL PHP code uses procedural interactions, and functions - and some of your MySQL PHP code uses Object Orientated interactions and functions. These CAN NOT BE MIXED and will result in errors and inconsistencies for you.
ALWAYS USE OBJECT ORIENTATED PHP/MYSQL INTERACTIONS Reference and Reference
Objct orientated interactions use the -> syntax.
You have:
if ($conn->connect_error) {
error_log("Connection failed: " . $conn->connect_error);
header("Location: https://teambbc.asia/error.html");
}
This is Object Orientated. This is best.
But:
mysqli_query($conn, $sql);
This is Procedural. This is not best. The OO version of this line would be $var = $conn->query($sql).
Bonus advice:
Do not use die to output error messages to the screen, error messages should always be output to the error log file.
When using header("Location: ... "); you must always put die() or exit afterwards:
Example:
if ($conn->connect_error) {
error_log("Connection failed: " . $conn->connect_error);
header("Location: https://teambbc.asia/error.html");
exit;
}
Good luck!
You should assign data to variables firstly. After that, you can insert to db.
function make_secured($x)
{
$variable = strip_tags(mysql_real_escape_string(trim($x)));
return $x;
}
$_POST = make_secured($_POST);
$name = $_POST['iname'];
$contact = $_POST['icon'];
$sql = "INSERT INTO Intern (Name, Contact) VALUES ('$name', '$contact')";
make_secured() function does checking all sql injection attacks in the POST.
First sorry for my bad english. below is my form image i have a form in my My Website first how to get the values from menu to text box then store the values in to database using Php .i have attached my code and image.I am beginner in Php .
Please help me
HTML CODE
<div class="taxi-form-full">
<div class="container">
<form method="POST" action="">
<div class="menu-types">
Standart
Business
Vip
Bus-Minivan
</div>
<div class="row forms">
<div class="col-md-3">
<div class="form-group">
<input type="text" id="searchTextSrc" name="source" value="" placeholder="From Address..." class="ajaxField"><span class="fa fa-map-marker"></span>
<input type="hidden" id="citySrc" name="citySrc" />
<input type="hidden" id="cityLatSrc" name="cityLatSrc" />
<input type="hidden" id="cityLngSrc" name="cityLngSrc" />
</div>
</div>
<div class="col-md-3">
<div class="form-group">
<input type="text" id="searchTextDes" name="destination" value="" placeholder="To..." class="ajaxField"><span class="fa fa-map-marker"></span>
<input type="hidden" id="cityDes" name="cityDes" />
<input type="hidden" id="cityLatDes" name="cityLatDes" />
<input type="hidden" id="cityLngDes" name="cityLngDes" />
</div>
</div>
<div class="col-md-3">
<div class="form-group">
<input type="text" id="phone" name="phone" value="" placeholder="Phone Number" class="ajaxField required"><span class="fa fa-phone"></span>
</div>
</div>
<div class="col-md-3">
<div class="form-group">
<input type="text" id="text" name="datetime" value="" placeholder="Date and Time" class="ajaxField js-datetimepicker"><span class="fa fa-calendar"></span>
</div>
</div>
</div>
<input type="submit" name="submit" value="submit" class="btn btn-lg btn-red aligncenter">
</form>
</div>
</div>
Php Code
<?php
$hname = 'localhost';
$uname = 'root';
$pword ='';
$dbase ='sample';
$con = mysqli_connect($hname, $uname , $pword ,$dbase );
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
if(isset($_POST['submit'])){
$phone = $_POST['phone'];
$datetime = $_POST['datetime'];
$query = mysqli_query($con,"insert into test(phone, datetime) values ('$phone', '$datetime')");
}
Instead of using anchors as part of your navigation you can use radio fields.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/radio
This will then send you the appropriate menu item chosen via the $_POST variable.
<label class="type-1">
<input type="radio" name="menu" value="Standart" checked /> Standart
</label>
<label class="type-2">
<input type="radio" name="menu" value="Business" /> Business
</label>
<label class="type-3 red">
<input type="radio" name="menu" value="VIP" /> Vip
</label>
<label class="type-4">
<input type="radio" name="menu" value="Bus" /> Bus-Minivan
</label>
In PHP you'll receive the value based on what option was checked.
<?php
$menu = $_POST['menu'];
You'll need to change the styling of the radio fields to match what you had for your anchors. As the input is within the label you can style the label and hide the input field to keep the same look and feel.
Styling radio button
This method is far more attractive than capturing the clicks with JavaScript and injecting the value into a text field as it'll work with or without JavaScript.
One of the ways you could achieve this is by using AJAX. In my example, I'll use jQuery AJAX, which will require you to include a jQuery library to your application. The reason I personally use jQuery is because it simplifies the JavaScript code a lot, and so it makes it easier to write and understand.
Now, in your question, you mention the element textbox, but I do not see that element anywhere? Do you mean your input fields, which is an entirely different thing? Since I don't see any textbox elements, I am going to assume that you mean input fields.
Before jumping straight into the AJAX function, I'd like to explain a few things. Basically what we will do with the AJAX function is to parse values to another page, which will handle our database logic, such as INSERT the data etc.
The key elements in an AJAX function is its options that you define in the function.
type, which is the data type of your data that you are going to
parse. Examples would be GET and POST
url, which is where you define the page where the data that will get parsed.
data, which is where you will define your data variables that you will be parsing.
optionally, success, which is a function where you can define certain actions to occur upon success of your AJAX function.
The AJAX function:
function submitForm() {
$.ajax({
type : "POST",
url : "/your_page.php",
data : {
standart: $("[data-value='Standart']").val(),
business: $("[data-value='Business']").val(),
vip: $("[data-value='VIP']").val(),
bus: $("[data-value='Bus']").val(),
searchTextSrc: $("#searchTextSrc").val(),
citySrc: $("#citySrc").val(),
cityLatSrc: $("#cityLatSrc").val(),
searchTextDes: $("#searchTextDes").val(),
cityDes: $("#cityDes").val(),
cityLatDes: $("#cityLatDes").val(),
cityLngDes: $("#cityLngDes").val(),
phone: $("[name='phone']").val(),
datetime: $("[name='datetime']").val()
},
success: function (html) {
//do something on success
}
})
}
Note that I encapsulated the AJAX function into another function that I named submitForm(). You can choose to call this function onclick on your button in order to trigger your AJAX function.
<button onclick="submitForm();">Submit content</button>
Since you weren't entirely specific on precisely which elements values you'd like to retrieve, I targeted them all. I am actually uncertain if $("[data-value='whatever']") is a valid selector. If it's not, simply give them an id or a name attribute to go by instead.
Now, since I defined the type in the AJAX function to be POST, you will have to use $_POST in your PHP file to fetch the data that has been parsed from the AJAX function.
In your PHP page:
<?php
$standart = $_POST['standart'];
$business = $_POST['business'];
$vip = $_POST['vip'];
$bus = $_POST['bus'];
$searchTextSrc = $_POST['searchTextSrc'];
$citySrc = $_POST['citySrc'];
$cityLatSrc = $_POST['cityLatSrc'];
$searchTextDes = $_POST['searchTextDes'];
$cityDes = $_POST['cityDes'];
$cityLatDes = $_POST['cityLatDes '];
$cityLngDes = $_POST['cityLngDes '];
$phone = $_POST['phone '];
$datetime = $_POST['datetime '];
/* You now have all your parsed variables as PHP variables
that you can choose to INSERT into your database. */
$hname = 'localhost';
$uname = 'root';
$pword ='';
$dbase ='sample';
$con = mysqli_connect($hname, $uname , $pword ,$dbase );
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
$sql="INSERT INTO test SET phone='$phone', datetime='$datetime'";
mysqli_query($con, $sql);
?>
However, please note that you are wide open to SQL Injections, which is one of the reasons #R. Chappell dropped this link in the comment section.
I was wondering what the syntax was in PHP to update a row in a PostgreSQL database. I have made a login page that checks a UserName and Password from a database, then it goes to a page where it displays all the user info from the database for that user name. I am trying to allow the user to change some of the columns, like password, name, etc. So I added another page that has fields for each of the columns I want to change.
This is the code I have for the query:
if(array_key_exists('save',$_POST))
{
$firstname=$_POST['ifirstname'];
$lastname=$_POST['ilastname'];
$email=$_POST['iemail'];
$password=$_POST['ipassword'];
$conn_string='host=#### port=#### dbname=###### user=####### password=######';
$dbconn=pg_connect($conn_string) or die('Connection failed');
$query="UPDATE project.customer SET FirstName='$firstname',
LastName='$lastname',Email='$email',Password='$password')
WHERE UserName=$1";
$result=pg_query($dbconn,$query);
$row_count= pg_num_rows($result);
pg_free_result($result);
pg_close($dbconn);
}
This is for the fields:
<div id="header">UPDATE USER INFO</div>
<form id="testform" name="testform" method="post" action="" >
<p> <label for="ifirstname">First Name:</label>
<input name="ifirstname" type="text" id="ifirstname"/>
</p>
<p> <label for="ilastname">Last Name:</label>
<input name="ilastname" type="text" id="ilastname"/>
</p>
<p> <label for="iemail">E-Mail:</label>
<input name="iemail" type="text" id="iemail"/>
</p>
<p>
<label for="ipassword">Password:</label>
<input name="ipassword" type="password" id="ipassword"/>
</p>
<p>
<label for="iconfpass">Confirm Password:</label>
<input name="iconfpass" type="password" id="iconfpass"/>
</p>
<p>
<input type="submit" name="save" value="Register"/>
</p>
</form>
I think it must be like this. Also make user to write old password when changing data for security reason. Also dont forget to filter your data before using in query to avoid sql injection attacks
$query="UPDATE project.customer
SET (FirstName,LastName,Email,Password) =
('$firstname','$lastname','$email','$password')
WHERE UserName= '$1' and Password = '$oldpassword'";
Why not just use standard SQL syntax?
Update project.customer Set
"FirstName" = '$firstname',
...
Where ...
The main difference in Postgres is that you usually quote the column names.
I have the code below:
<html><body>
<?php
$con = mysql_connect("localhost","will","blahblah");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("blahblah", $con);
$sql="INSERT INTO links (link, notes, username)
VALUES
('$_POST[link]','$_POST[notes]','$_POST[username]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 link added";
mysql_close($con)
?>
</body></html>
It should insert a link and notes and a username into my database but it doesn't. I am clueless as to why and would appreciate some help with it! It is getting these values from the form below:
<div id="stylized" class="myform">
<form id="form" name="form" method="post" action="user.php">
<label>Username
<span class="small">Enter Your Username</span>
</label>
<input type="text" name="name" id="username" />
<label>Link
<span class="small">Paste Your Link</span>
</label>
<input type="text" name="email" id="link" />
<label>Notes
<span class="small">Add Some Notes</span>
</label>
<input type="text" name="password" id="notes" />
<button type="submit"></button>
<div class="spacer"></div>
</form>
</div>
Thanks!
I see at least three problems, with your code :
First, when injecting strings into an SQL query, you must escape it, using mysql_real_escape_string() :
$link = mysql_real_escape_string($_POST['link']);
$notes = mysql_real_escape_string($_POST['notes']);
$username = mysql_real_escape_string($_POST['username']);
$sql="INSERT INTO links (link, notes, username)
VALUES ('$link','$notes','$username')";
Third, in your PHP code, you must use the name attribute of your input fields -- and not their id attributes.
Considering your HTML code looks like this :
<input type="text" name="name" id="username" />
<input type="text" name="email" id="link" />
<input type="text" name="password" id="notes" />
You should work with :
$_POST['name'], and not $_POST['username']
$_POST['email'], and not $_POST['link']
$_POST['password'], and not $_POST['notes']
Note : using a name and an id that are that different leads to troubles ;-)
So, to summarize, your code should look a bit more like this :
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$name = mysql_real_escape_string($_POST['name']);
$sql="INSERT INTO links (link, notes, username)
VALUES ('$email','$password','$name')";
Note : you should use the same names for the input fields, and the fields in the table -- it would make your code easier to understand.
Replace it :
$sql="INSERT INTO links (link, notes, username)
VALUES
('$_POST[link]','$_POST[notes]','$_POST[username]')";
with:
$sql="INSERT INTO links (link, notes, username)
VALUES
('". mysql_escape_string($_POST['name']) ."','".
mysql_escape_string($_POST['email']) ."','".
mysql_escape_string($_POST['password']) ."')";
Note that POST variables you're trying to use in Your query are completely different from those on your form
The indexes of POST variables must match the names of the form items.
So either write:
<input type="text" name="link" id="link" /> or use $_POST[email]
Adapt for the other variables.
id attributes are meaningless when submitting the form. You probably want to swap the name and id attributes.
Currently, $_POST['name'], $_POST['email'] and $_POST['password'] are being submitted instead of $_POST['username'], $_POST['link'] and $_POST['notes'].
Your code is also vulnerable to SQL injection.
The items in $_POST are indexed by name attribute, not by id.