Why does my form send the data twice after refresh? - php

I have a form in my website, but I can't fix one problem. When I write some text in the form box, it sends the data to the database. When I hit refresh, the page sends the same data again, to the database. What is the problem with my code?
<?php
if(isset($_POST['submit']))
{
$err = array();
$diss = $_POST['type'];
$sub = $_POST['sub'];
$msg = $_POST['msg'];
$uname = $_SESSION['uname'];
$date = "On " . date("F Y h:i:s A");
if (!isset($_SESSION['uname']))
$err[] = "You need to login";
else
{
if(empty($sub) && empty($msg))
$err[] = "All field required";
else
{
if(empty($sub))
$err[] = "Subject Requried";
if(empty($msg))
$err[] = "Message Requried";
}
}
if(!empty($err))
{
foreach($err as $er)
{
echo "<font color=red><b>$er</b></font>";
}
}
else
{
$sql= mysql_query("INSERT INTO discussion VALUES ('', '$diss', '$sub', '$msg', '$uname', '$date' ) ");
if(!$sql)
echo "Can't submit your discussion";
else
{
echo "Discussion was submitted";
}
}
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"
name="discussion">
<table width="240" border="0" cellspacing="0" cellpadding="0">
<tr>
<td style="width:230;"><b>Select your Discussion</b>
<select name="type">
<?php
$sqld = mysql_query("SELECT * FROM distype");
while($row = mysql_fetch_assoc($sqld))
{
$d_id = $row['d_id'];
$diss = $row['type'];
echo "<option value='$diss'>$diss</option>";
}
?>
</select></td>
</tr>
<tr>
<td><b>Subject</b></td>
</tr>
<tr>
<td><input type="text" name="sub" value="" size="33" class=""/></td>
</tr>
<tr>
<td><b>Message</b></td>
</tr>
<tr>
<td><textarea cols="30" rows="3" name="msg" class=""></textarea></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit Form"><br>
<td></td>
</tr>
</table>

On successful form submit, you need to reload the URL or redirect the user somewhere, to prevent the user from inserting data into the database.
$sql= mysql_query("INSERT INTO discussion VALUES ('', '$diss', '$sub', '$msg', '$uname', '$date' ) ");
if(!$sql)
echo "Can't submit your discussion";
else
{
header("Location: page.php?mode=success");
exit; // stop the script so nothing runs after the redirect
// or, to just reload the page, use this line instead:
// header("Location: ".$_SERVER['REQUEST_URI']);
}

The problem is that your code will execute the same way when sent the same data. You need to protect against double inserts by one of many constructs:
Unique key on the table
Store hash of last post in session, refuse post if it has the same hash as stored
Redirect user to different page on success, so that a refresh will not cause the same POST
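The second and third options above (a hash of the last post kept in the session, and a redirect on success) combined in one handler, as an added example that is not part of the original answers. It assumes PDO with an in-memory SQLite table standing in for `discussion`; `handle_post()`, the column names and the sample values are hypothetical, and the INSERT uses bound parameters instead of the interpolated query.

```php
<?php
// Added example: duplicate-submit guard for the discussion form.
// handle_post() and the SQLite schema are hypothetical stand-ins.

function handle_post(PDO $db, array $post, array &$session): array
{
    if (!isset($session['uname'])) {
        return ['status' => 'error', 'message' => 'You need to login'];
    }
    $type = trim((string)($post['type'] ?? ''));
    $sub  = trim((string)($post['sub'] ?? ''));
    $msg  = trim((string)($post['msg'] ?? ''));
    if ($sub === '' || $msg === '') {
        return ['status' => 'error', 'message' => 'Subject and message are required'];
    }

    // A browser refresh re-sends identical fields, so their hash is identical too.
    $hash = hash('sha256', json_encode([$session['uname'], $type, $sub, $msg]));
    if (isset($session['last_post_hash'])
        && hash_equals($session['last_post_hash'], $hash)) {
        return ['status' => 'duplicate', 'redirect' => 'page.php?mode=success'];
    }

    // Bound parameters: submitted values never become part of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO discussion (type, sub, msg, uname, created)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$type, $sub, $msg, $session['uname'], date('Y-m-d H:i:s')]);

    $session['last_post_hash'] = $hash;
    return ['status' => 'inserted', 'redirect' => 'page.php?mode=success'];
}

// --- Constructed demo (CLI): the same POST arrives twice ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE discussion (id INTEGER PRIMARY KEY, type TEXT,
           sub TEXT, msg TEXT, uname TEXT, created TEXT)');

$session = ['uname' => 'alice'];                      // stands in for $_SESSION
$post = ['type' => 'general', 'sub' => 'Hello',       // stands in for $_POST
         'msg' => "It's a test", 'submit' => 'Submit Form'];

$first  = handle_post($db, $post, $session);
$second = handle_post($db, $post, $session);          // simulated refresh

echo $first['status'], "\n";
echo $second['status'], "\n";
echo $db->query('SELECT COUNT(*) FROM discussion')->fetchColumn(), " row(s)\n";

// On the real page, follow a result that carries 'redirect' with:
//   header('Location: ' . $result['redirect']); exit;
```

The redirect stops an accidental refresh from re-posting; the session hash covers the case where the same POST still arrives a second time.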

Related

I am trying to create a dynamic table where data will be fetched and I can edit any value I want

I can fetch the data but the submit button is not working.
I am confused with the update query and storing data in array.
Here is the code for fetching and showing data in table.
`<?php
while ($rows=mysqli_fetch_assoc($result)){ ?>
<tr>
<td align="center">
<?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?>
</td>
<td align="center">
<input name="name[]" type="text" id="name" value="<?=$rows['name']; ?>">
</td>
<td align="center">
<input name="lastname[]" type="text" id="lastname" value="<?=$rows['lastname']; ?>">
</td>
<td align="center">
<input name="email[]" type="text" id="email" value="<?=$rows['email']; ?>">
</td>
</tr>
`
Here is the code for submit button
if ($_SERVER["REQUEST_METHOD"] == "POST" && $_POST["Submit"] != ""){
$count = mysqli_num_rows($result);
for($i=0;$i<$count;$i++){
$sql2="UPDATE test_mysql SET name='".$_POST["name"][$i]."',lastname='".$_POST["lastname"][$i]."', email='".$_POST["email"][$i]."' WHERE id='$id[$i]'";
$result1=mysqli_query($con, $sql2);
}
header("Location: update-multiple-2.php");
}
If you handle POST after outputting form (to set variable $id) and variable $test_mysql is set to existing table in your database and all columns exists and you are only one who can add or remove row (because it will change the $id variable) then it should work.
Maybe this could help:
if(!$result1=mysqli_query($con, $sql2)){
echo 'Error: '.mysqli_error($con); // mysqli_error() needs the connection handle
}
You need to debug it somehow:
if ($_SERVER["REQUEST_METHOD"] == "POST" && $_POST["Submit"] != ""){
$count = mysqli_num_rows($result);
$error = '';
for($i=0;$i<$count;$i++){
$sql2="UPDATE $test_mysql SET name='".$_POST["name"][$i]."',lastname='".$_POST["lastname"][$i]."', email='".$_POST["email"][$i]."' WHERE id='$id[$i]'";
if(mysqli_query($con, $sql2) === FALSE){
$error .= 'SQL query failed, SQL: '.$sql2.', Error: '.mysqli_error($con) . "\n";
}
}
if(!$error){
header("Location: update-multiple-2.php");
}else{
echo $error;
exit();
}
}

Error : Undefined index: image for ($_FILES['image']['name']) [duplicate]

This question already has answers here:
What does enctype='multipart/form-data' mean?
(9 answers)
Closed 6 years ago.
I have a simple registration form in which I accept inputs from the user, including an image, and insert the values into a table: temporary_employees table. In my code, I check whether the email id and the user id entered by the user already exist, and if they don't, I go ahead and perform the insert after moving the image to a folder named 'images'. While running the code, I am getting an error, Undefined index: image, on the line where I have the following piece of code:
$target_file = $target_path . basename ($_FILES['image']['name']);
The most interesting thing is that the same line of code has worked perfectly well in another PHP file. I had given the same name for the input in the HTML form. How is it possible? Any help will be appreciated.
Here is my code :
<?php
//start the session before anything is echoed to the browser
if (session_status()===PHP_SESSION_NONE) {
session_start();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
Login form
</title>
</head>
<body>
<h3>Registration Form</h3>
<form action ="" method="POST">
<table align="center" cellpadding="10">
<tr>
<td>Name</td>
<td><input type="text" maxlength='100' name="empname" id="empname" required></td>
</tr>
<tr>
<td>Email Id</td>
<td><input type="text" maxlength='100' name="emailid" id="emailid" required>
</td>
</tr>
<tr>
<td>User Id</td>
<td><input type="text" maxlength='100' name="userid" id="userid" required ></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" maxlength='100' name="pwd" id="pwd" required ></td>
</tr>
<tr>
<td>Date of Birth</td>
<td>
<select name='year'>
<option value='2015'>2015</option>
<option value='2016'>2016</option>
</select>
<select name='month'>
<option value='01'>January</option>
<option value='02'>February</option>
<option value='03'>March</option>
<option value='04'>April</option>
<option value='05'>May</option>
</select>
<select name='day'>
<option value='01'>1</option>
<option value='02'>2</option>
<option value='03'>3</option>
<option value='04'>4</option>
<option value='05'>5</option>
</select></td>
</tr>
<tr>
<td>Designation</td>
<td><input type="text" maxlength='100' name="designation" id="designation" required></td>
</tr>
<tr>
<td>Department</td>
<td><input type="text" maxlength='100' name="department" id="department" required></td>
</tr>
<tr>
<td>Image</td>
<td><input type="file" maxlength='100' name="image" required></td>
</tr>
<tr>
<td>
<input type="submit" name="login" value="Register Yourself">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
//create a connection
$conn = mysqli_connect('localhost', 'root', '', 'attendance');
//on the click of submit button
if (isset($_POST['login'])) {
//capture the $_POST values
$name = $_POST['empname'];
$name = trim($name);
$email = $_POST['emailid'];
$email = trim($email);
$userid = $_POST['userid'];
$userid = trim($userid);
$pwd = $_POST['pwd'];
$pwd = trim($pwd);
$desg = $_POST['designation'];
$desg = trim($desg);
$dept = $_POST['department'];
$dept = trim($dept);
$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];
$date = $year.$month.$day;
//display a message if there is a blank entry for email
if ($email=="") {
echo "Please enter a valid email id";
}
//display a message if there is a blank entry for userid
if ($userid=="") {
echo "Please enter a valid User Id";
}
//check if the email id exists
$sql_check_email = "select * from employee where emp_email='$email';";
mysqli_query($conn, $sql_check_email);
$aff_email = mysqli_affected_rows($conn);
// if email id exists ..display message
if ($aff_email==1) {
$msgemail = "The email id exists";
echo $msgemail;
//display error message if there is an error
} else if ($aff_email>1) {
$msgemail = "There are multiple employees with the same email";
echo $msgemail;
//display message if there is an error firing the query
} else if ($aff_email<0) {
echo "There is an error ..Try again";
}
//check if the user id exists
$sql_check_userid = "select * from employee_login where emp_uid='$userid';";
mysqli_query($conn, $sql_check_userid);
$aff_userid = mysqli_affected_rows($conn);
if ($aff_userid==1) {
$umsg = "User id already exist";
echo $umsg;
//display error message if there is an error when the query is fired
} else if ($aff_userid<0) {
echo "There is an error ..Try again";
}
//if neither the user id nor the email id exist, upload image and do the insert
if ($aff_userid==0 && $aff_email==0) {
$target_path = "images/";
$target_file = $target_path . basename ($_FILES['image']['name']);
//if the image is moved to the images folder , do the insert
if (move_uploaded_file($_FILES['image']['tmp_name'], $target_file)) {
$image = basename($_FILES['image']['name']);
$sql_ins = "INSERT INTO temporary_employee(emp_uid,emp_pwd,
emp_name,emp_email,emp_dob,emp_designation,
emp_department,emp_image)
VALUES('$userid','$pwd','$name','$email','$date',
'$desg','$dept','$image')";
mysqli_query($conn, $sql_ins);
$aff_insert = mysqli_affected_rows($conn);
//display success message if insert is successfull
if ($aff_insert==1) {
echo "You have successfully registered ...awaiting approval by admin";
//display message if there were no insert
} else if ($aff_insert==0) {
echo "The registration has failed ..Try again";
//diplay error message if there was an error while firing the insert query
} else if ($aff_insert<0) {
echo "There was an error ..Try again";
}
}
}
}
?>
While using Image Uploading in the form you have to use the enctype in the form attribute.
<form action ="" method="POST" enctype="multipart/form-data">
</form>
Change
<form action ="" method="POST">
to
<form action ="" method="POST" enctype="multipart/form-data">
And try again.
The enctype attribute specifies how the form-data should be encoded when submitting it to the server.
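A server-side check that reports the missing-`enctype` case explicitly instead of failing with "Undefined index", as an added example that is not from the original posts. `check_upload()`, `stored_name()` and the sample arrays are hypothetical and constructed; the file-name handling goes beyond the question and replaces storing the upload under the client-supplied name.

```php
<?php
// Added example: inspect the request before touching $_FILES['image']['name'].

function check_upload(array $files, string $field, string $contentType): ?string
{
    // Without enctype="multipart/form-data" the browser sends
    // application/x-www-form-urlencoded and PHP leaves $_FILES empty.
    if (stripos($contentType, 'multipart/form-data') !== 0) {
        return 'form was not sent as multipart/form-data';
    }
    if (!isset($files[$field])) {
        return "no file field named '$field' in the request";
    }
    switch ($files[$field]['error']) {
        case UPLOAD_ERR_OK:
            return null;
        case UPLOAD_ERR_NO_FILE:
            return 'no file was selected';
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            return 'file is larger than the allowed size';
        default:
            return 'upload failed with error code ' . $files[$field]['error'];
    }
}

function stored_name(string $clientName): ?string
{
    // The client controls 'name'; keep only an allow-listed extension
    // and generate the rest, so the stored name cannot end in .php.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// --- Constructed snapshots of $_FILES and $_SERVER['CONTENT_TYPE'] ---
$withoutEnctype = [];   // what the form in the question produces
$withEnctype = ['image' => [
    'name' => 'photo.JPG', 'type' => 'image/jpeg',
    'tmp_name' => '/tmp/phpA1b2C3', 'error' => UPLOAD_ERR_OK, 'size' => 48213,
]];

var_dump(check_upload($withoutEnctype, 'image', 'application/x-www-form-urlencoded'));
var_dump(check_upload($withEnctype, 'image', 'multipart/form-data; boundary=----demo'));
var_dump(stored_name('photo.JPG'));
var_dump(stored_name('shell.php'));

// On the real page, only after check_upload() returns null:
//   move_uploaded_file($_FILES['image']['tmp_name'], 'images/' . $name);
```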

Registration form not submitting and drop down box not populating

I'm working on a registration form for my website.
One of the fields on my registration form is a drop down box that is populated by a table on my MySQL database.
I originally wrote the registration script a different way but I needed to change how the form worked to accommodate the new drop down box and the way it gathered its data.
Before the changes the form was successfully submitted, but now it just gives me a white screen.
I have checked the mysqli_connect.php with an if-else statement. It showed that it was working but no registrations were being sent to the MySQL server when the submit button was pressed. Also, the drop down box was not showing any of the content from the MySQL table that it was linked to.
Below is a copy of the script that I am using:
<?php
#ini_set('display_errors', 'on');
echo "<h1>Register</h1>";
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$errors = array();
if (empty($_POST['firstname'])){
$errors[] = 'Your forgot to enter your first name.';
}else{
$firstname = trim($_POST['firstname']);
}
if (empty($_POST['lastname'])){
$errors[] = 'Your forgot to enter your last name.';
}else{
$lastname = trim($_POST['lastname']);
}
if (empty($_POST['username'])){
$errors[] = 'Your forgot to enter your username.';
}else{
$username = trim($_POST['username']);
}
if (!empty($_POST['password1'])) {
if ($_POST['password1'] != $_POST ['password2']) {
$errors[] = 'Your password did not match the confirmed password!';
}else{
$password = trim($_POST['password1']);
}
} else {
$errors[] = 'You forgot to enter your password!';
}
if (empty($_POST['birthdate'])){
$errors[] = 'Your forgot to enter your birthdate.';
}else{
$birthdate = trim($_POST['birthdate']);
}
if (empty($_POST['gamespyid'])){
$errors[] = 'Your forgot to enter your gamespy id.';
}else{
$gamespyid = trim($_POST['gamespyid']);
}
if (empty($errors)) {
require ('mysqli_connect.php');
$q="INSERT INTO Users (firstname, lastname, username, password1, birthdate, gamespyid, base) VALUES ('$firstname', '$lastname', '$username', SHA1('$password1'), '$birthdate', '$gamespyid', '$base')";
$r = #mysql_query($dbc, $q);
if ($r){
echo'<p>You are now registered</p>';
}else{
echo'<p>You have not been registered</p>';
}
} else {
echo 'Error<br> <p>The following errors have occured:<br/>';
foreach ($error as $msg) {
echo " - $msg<br/>\n";
}
echo '</p><p>Please try again.</p><p><br/></p>';
} //if no errors
} //submit
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title></title>
</head>
<body>
<form action="../pages/register.inc.php" method='POST'>
<table summary="REgform">
<tr>
<td>First Name:</td>
<td><input type='text' name='firstname' value='<?php echo $firstname; ?>'></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='lastname'value='<?php echo $lastname; ?>'></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username'value='<?php echo $username; ?>'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password1'></td>
</tr>
<tr>
<td>Repeat Password:</td>
<td><input type='password' name='password2'></td>
</tr>
<tr>
<td>Birthdate:</td>
<td><input type='text ' name='birthdate'value='<?php echo $birthdate; ?>'></td>
</tr>
<tr>
<td>Gamespy Id:</td>
<td><input type='text' name='gamespyid'value='<?php echo $gamespyid; ?>'></td>
</tr>
<tr>
<td>Base:</td>
<td><select name="base" size="1">
<option>
Select One
</option>
<?php require('http://www.virtual-aviation.org/gatewayaviation/admin/mysqli_connect.php');
$q = "SELECT id, CONCAT_WS(' ', airport_name, airport_code) FROM airports ORDER BY airport_code ASC";
$r = mysqli_query ($dbc, $q);
if (mysqli_num_rows($r) > 0) {
while ($row = mysql_fetch_array ($r, MYSQL_NUM)) {
echo "<option value=\"$row[0]\"";
if (isset($_POST['existing']) && ($_POST['existing'] == $row[0]) ) echo 'selected="selected"'; echo ">$row[1]</option>\n";
}
} else {
echo '<option>Please a new airport first.</optioon>';
}
mysqli_close($dbc);
?>
</select></td>
</tr>
</table>
<p><input type='submit' name='submit' value='Register'></p>
</form>
</body>
</html>
Errors found in the dropdown box area
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /home5/virtua15/public_html/gatewayaviation/pages/register.inc.php on line 178
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /home5/virtua15/public_html/gatewayaviation/pages/register.inc.php on line 180
Please a new airport first.
You can't require from 'http'. You need to change
require('http://www.virtual-aviation.org/gatewayaviation/admin/mysqli_connect.php');
to some local path like
require('mysqli_connect.php');
IMHO, first check your MySQL query by echoing it and then run the query through an editor.
Second, although you have set display_errors, you still might not be able to view the errors.

php registration mysql not a valid resource

OK, help. My registration page worked on the local server, but it's now saying that the two mysql lines are not valid when it's online. Why does it change when it goes online? The code pasted is all that's relevant. For some reason it doesn't like the transaction, and the email check mysql bit.
include 'Connect.php'; //Connects to database
//When form is submit:-
if(isset($_POST['submit']))
{
// On submit, retrieve table values for php.
$Firstname = mysql_real_escape_string($_POST['firstname']);
$Surname = mysql_real_escape_string($_POST['surname']);
$Password = mysql_real_escape_string($_POST['password']);
$PasswordCheck = mysql_real_escape_string($_POST['passwordcheck']);
$Email = mysql_real_escape_string($_POST['email']);
$EmailCheck = mysql_real_escape_string($_POST['emailcheck']);
//CHECKS.
//Check username is available by retrieving any same values from the DB table.
$CheckEmailAvailable = mysql_query("SELECT * FROM 'user_details' WHERE Email = '$Email'");
echo $CheckEmailAvailable;
// $result = mysql_query("SELECT * FROM $tbl WHERE Email='$email' and LoginPassword='$password'");
$Results = mysql_fetch_array($CheckEmailAvailable);
//If Username field is blank.
if($Email == null )
{
echo "You must enter an email address.";
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo "<br/><br/>";
echo "<a href='$url'>Click Here To Return</a>";
die();
}
//If RESULTS is any value other than NULL, die.
if($Results != null )
{
echo "Email already taken. Please try another.";
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo "<br/><br/>";
echo "<a href='$url'>Click Here To Return</a>";
die();
}
//If Password and PasswordCheck fields in reg do not match, die.
if($Password != $PasswordCheck)
{
echo "The passwords you have entered do not match. Please try again.";
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo "<br/><br/>";
echo "<a href='$url'>Click Here To Return</a>";
die();
}
//If Password field is NULL (i.e. blank) die.
if($Password == Null)
{
echo "Your password must not be blank.";
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo "<br/><br/>";
echo "<a href='$url'>Click Here To Return</a>";
die();
}
//If Email and EmailCheck are not equal, die.
if($Email != $EmailCheck)
{
echo "The email addresses you have entered do not match. Please try again.";
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo "<br/><br/>";
echo "<a href='$url'>Click Here To Return</a>";
die();
}
//ELSE add data to DB.
else
{
//BEGIN TRANS
mysql_query("BEGIN TRAN");
//TABLE ADD.
$sql=mysql_query("INSERT INTO `user_details` (`Firstname`, `Surname`, `Email`, `Password`) VALUES ('$Firstname', '$Surname', '$Email', '$Password')")
or mysql_query("ROLLBACK TRAN") . die(mysql_error("Error registering, the database may be down, please try again later."));
//COMMIT transaction, to ensure data is added properly.
mysql_query("COMMIT TRAN");
header( 'Location: RegSucc.php' ) ;
}
} ?>
<html>
<!--Registration Form-->
<form name="form1" method="post" style="margin-left: 28%" action="Register.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1">
<tr>
<td colspan="3"><strong>Register Account</strong></td>
</tr>
<tr>
<td style="width: 83px">First Name:</td>
<td>:</td>
<td><input name="firstname" type="text"/></td>
</tr>
<tr>
<td style="width: 83px">Surname:</td>
<td>:</td>
<td><input name="surname" type="text"/></td>
</tr>
<tr>
<td style="width: 83px">Email Address:</td>
<td>:</td>
<td><input name="email" type="text"/></td>
</tr>
<tr>
<td style="width: 83px">Email Address Confirmation:</td>
<td>:</td>
<td><input name="emailcheck" type="text"/></td>
</tr>
<tr>
<td style="width: 83px">Password:</td>
<td>:</td>
<td><input name="password" type="password"/></td>
</tr>
<tr>
<td style="width: 83px">Verify Password:</td>
<td>:</td>
<td><input name="passwordcheck" type="password"/></td>
</tr>
<tr>
<td style="width: 83px"> </td>
<td> </td>
<td><input type="submit" name="submit" value="Register"/></td>
</tr>
</table>
</form>
The query
SELECT * FROM 'user_details' WHERE Email = '$Email'
Is invalid. When denoting table names, it is good practice to use backticks, but using quotes will not work!
SELECT * FROM `user_details` WHERE Email = '$Email'
On your localhost, it may be set up to work with quotes. However, that is not the way it is "supposed" to be, and the server's installation may be different. Moral of the story: don't take shortcuts or use ugly code. Don't forget to backtick table names or columns, don't use PHP shorttags, etc.
$sql=mysql_query("INSERT INTO `user_details` (`Firstname`, `Surname`, `Email`, `Password`) VALUES ('$Firstname', '$Surname', '$Email', '$Password')")
should be
$sql=mysql_query("INSERT INTO user_details (Firstname, Surname, Email, Password) VALUES ('$Firstname', '$Surname', '$Email', '$Password')")
Also
SELECT * FROM 'user_details' WHERE Email = '$Email'
should be
SELECT * FROM user_details WHERE Email = '$Email'
that's it...
Change this line
$CheckEmailAvailable = mysql_query("SELECT * FROM 'user_details' WHERE Email = '$Email'");
to
$CheckEmailAvailable = mysql_query("SELECT * FROM user_details WHERE Email = '".$Email."'");
The problem is that when you moved to another server online (I can guess you were developing on Windows [which is case insensitive in MySQL], and your online server is Linux [case sensitive in MySQL])
If your string contains a variable to be evaluated and parsed, the use of single quotes around that variable name, within the double quote containing that string, is not so reliable most times. The best approach, (from personal experiences) is to do a concatenation.

form echoes success without submitting anything to database. Is there something wrong with my flow control?

Here is the code.
I really don't know why it is not submitting my information.
<?php
//Includes mass includes containing all the files needed to execute the full script
//Also shows homepage elements without customs
include ("includes/mass.php");
//Grabbing data form POST array and storing in variables plus the date
$username = ($_POST['username']);
$password = ($_POST['password']);
$conpassword= ($_POST['password2']);
$firstname = ($_POST['firstname']);
$lastname = ($_POST['lastname']);
$email = ($_POST['email']);
$submit = ($_POST['submit']);
$date = date("Y-m-d");
//Reigstration Form
$register = "<div id='registration'>
<h2>Register Here!</h2>
<form action='register.php' method='post'>
<table>
<tr>
<td>
Username
</td>
<td>
<input type='text' name='username' value='$username' >
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type='password' name ='password'>
</td>
</tr>
<tr>
<td>
Confirm Password
</td>
<td>
<input type='password' name ='password2'>
</td>
</tr>
<tr>
<td>
Firstname
</td>
<td>
<input type='text' name='firstname' value='$firstname'>
</td>
</tr>
<tr>
<td>
Lastname
</td>
<td>
<input type='text' name='lastname' value='$lastname' >
</td>
</tr>
<tr>
<td>
Email
</td>
<td>
<input type='text' name='email' value= '$email' >
</td>
</tr>
<tr>
<td>
<input type='submit' class='button' name='submit' value='Sign Up'>
</td>
</tr>
</table>
</form>
</div>";
echo $register;
//Check to make sure user has submitted the correct details
echo "<div id='regform'>";
if (isset($submit))
{
//Querying the database for if the username already exists
$sql = "SELECT * FROM user WHERE username = '$username'";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if (strlen($username)<2)
{
echo ("<br>You must enter a longer username</br>");
exit;
}
elseif (strlen($username) > 25)
{
echo ("You must enter a shorter username<br>");
exit;
}
if ($username==$dbusername)
{
echo ("That username already exists!");
exit;
}
elseif (strlen($password)<6)
{
echo ("<br>'Password must be be between 6 & 26 characters'<br>");
exit;
}
if ($password != $conpassword)
{
echo ("<br>Your passwords dont match<br>");
exit;
}
elseif (strlen($firstname)<=0)
{
echo ("<br>You must enter your firstname<br>");
exit;
}
if (strlen($lastname)<=0)
{
echo ("<br>You must enter your lastname<br>");
exit;
}
elseif (!preg_match('/#/',$email) || (strlen($email)<=6) )
{
echo ("</br>You must enter a proper email address!");
exit;
}
if (!isset($password))
{
echo "You must enter a password!";
exit;
}
elseif (!isset($conpassword))
{
echo ("You must confirm your password");
exit;
}
else
{
//Encrypt the password
$password = md5($password);
$conpassword = md5($conpassword);
//Start Session
session_start();
//push this information to the database
//Submit data to database plus store exec into variable.
$sqlsubmit ="INSERT INTO user VALUES ('','$firstname','$lastname','$username','$password','$email','$date',)";
mysql_query($sqlsubmit);
//echo success.
echo "successfully submitted to the database"."<br>"."<a href='user.php'>Click Here To Go To Your Accont</a>";
exit;
}
}
elseif(!isset($submit))
{
echo "</br>"."Enter your info here!!!!! :))";
}
echo "</div>";
?>
It has been stated by Pekka as well as in a comment... but since this is very important, I'll repeat it in a separate (community wiki) answer:
This code is vulnerable to SQL-injection attacks of the worst kind.
Your code is absolutely insecure. It should not be used, no excuses possible. Go read about SQL-Injection and input sanitisation before you proceed any further.
http://xkcd.com/327/
Update: As Quassnoi so subtly points out, you urgently need to secure your input. See the chapter SQL Injection in the PHP manual.
The query fails because you have an extra comma at the end of the line:
$sqlsubmit ="INSERT INTO user VALUES
('','$firstname','$lastname','$username','$password','$email','$date',)";
Use echo mysql_error(); to find out such errors.
Also, the success message gets output, regardless whether the query fails or not.
You want to add a condition:
if (mysql_query($sqlsubmit))
echo "successfully submitted ...";
else
echo "error submitting ..... ".mysql_error();
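The registration insert from the question with the two points the answers raise applied: bound parameters instead of interpolated input, and a success message only when the insert really happened. This is an added example, not code from the original posts. It assumes PDO with an in-memory SQLite table; `register_user()`, the column names and the sample values are hypothetical, and `password_hash()` is swapped in for the question's `md5()`.

```php
<?php
// Added example: registration insert with bound parameters and a checked result.
// register_user() and the schema are hypothetical stand-ins for the `user` table.

function register_user(PDO $db, array $post): string
{
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $confirm  = (string)($post['password2'] ?? '');
    $email    = trim((string)($post['email'] ?? ''));

    if (strlen($username) < 2 || strlen($username) > 25) {
        return 'Username must be 2 to 25 characters';
    }
    if (strlen($password) < 6 || $password !== $confirm) {
        return 'Password too short or passwords do not match';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'You must enter a proper email address!';
    }

    // A placeholder replaces '$username' inside the SQL string.
    $check = $db->prepare('SELECT 1 FROM user WHERE username = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return 'That username already exists!';
    }

    try {
        $insert = $db->prepare(
            'INSERT INTO user (firstname, lastname, username, password, email, created)
             VALUES (?, ?, ?, ?, ?, ?)'
        );
        $insert->execute([
            trim((string)($post['firstname'] ?? '')),
            trim((string)($post['lastname'] ?? '')),
            $username,
            password_hash($password, PASSWORD_DEFAULT), // salted hash, replaces md5()
            $email,
            date('Y-m-d'),
        ]);
    } catch (PDOException $e) {
        // Includes a UNIQUE violation when two identical requests race.
        return 'error submitting';
    }
    return 'registered';
}

// --- Constructed demo (CLI) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT,
           username TEXT UNIQUE, password TEXT, email TEXT, created TEXT)');

// The apostrophes would break the interpolated query; bound, they are plain data.
$post = ['username' => "o'brien", 'password' => 'correct horse',
         'password2' => 'correct horse', 'firstname' => 'Pat',
         'lastname' => "O'Brien", 'email' => 'pat@example.com'];

echo register_user($db, $post), "\n";
echo register_user($db, $post), "\n"; // same data again
```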
