DatDudeFuddPucker Posted May 17, 2016 Share Posted May 17, 2016 <?php mysql_connect("localhost," "root", "1alphabet") or die("Connection Failed"); mysql_select_db("US_States") or die("Connection Failed"); $user = $_POST['user']; $password = $_POST['userpassword']; $query = "INSERT INTO test(name,password)Values('$user','$password')"; if(mysql_query($query)){ echo "inserted";} else{ echo "fail";} ?> Ok so on the second line where is says "root" I dont know if this is the correct user name to be using. This is the error i get when i run it. Any help? Parse error: syntax error, unexpected '"root"' (T_CONSTANT_ENCAPSED_STRING) in/home/ubuntu/workspace/insert.php on line 2 Link to comment Share on other sites More sharing options...
Don E Posted May 17, 2016 Share Posted May 17, 2016 Comma should between "localhost" and "root" like: "localhost", "root" Just to note, it's recommended to use mysqli instead of mysql. Mysql is deprecated. Link to comment Share on other sites More sharing options...
Ingolme Posted May 17, 2016 Share Posted May 17, 2016 Personally I would recommend PDO over mysqli. Link to comment Share on other sites More sharing options...
DatDudeFuddPucker Posted May 17, 2016 Author Share Posted May 17, 2016 (edited) With the change Don E recommended it worked. I can input the information and it will store in the database. Now another question, can i change to mysqli or PDO in the code and it will work anyway? Or will I have to re-write the code entirely to accommodate those changes? Edited May 17, 2016 by DatDudeFuddPucker Link to comment Share on other sites More sharing options...
justsomeguy Posted May 17, 2016 Share Posted May 17, 2016 You have to rewrite the parts that use the database. Any function call that starts with "mysql_" needs to be replaced if you want your code to run in the current version of PHP. Link to comment Share on other sites More sharing options...
DatDudeFuddPucker Posted May 17, 2016 Author Share Posted May 17, 2016 <?php mysql_connect("localhost", "root", "1alphabet") or die("Connection Failed"); mysql_select_db("US_States") or die("Connection Failed"); $user = $_POST['user']; $password = $_POST['userpassword']; $query = "INSERT INTO test(name,password)Values('$user','$password')"; if(mysql_query($query)){ echo "inserted";} else{ echo "fail";} ?> so does that mean I would change it to this to make it work? or would i change it to (mysqli) and just leave it like that? <?php mysqli_connect ("localhost," "root", "1alphabet") or die("Connection Failed"); mysqli_select_db("US_States") or die("Connection Failed"); $user = $_POST['user']; $password = $_POST['userpassword']; $query = "INSERT INTO test(name,password)Values('$user','$password')"; if(mysql_query($query)){ echo "inserted";} else{ echo "fail";} ?> Link to comment Share on other sites More sharing options...
justsomeguy Posted May 17, 2016 Share Posted May 17, 2016 It's not as easy as changing function names. The way that the old mysql extension was used by most people is inherently insecure. When you do things like this, for example: $query = "INSERT INTO test(name,password)Values('$user','$password')";You're just asking for your web site to get hacked. SQL injection vulnerabilities I think are still the #1 attack vector against web sites, and it's because of code like that. The replacement for that is to use a prepared statement. The old mysql extension does not support prepared statements, which is one reason it was replaced with mysqli back in 2004. Today PDO is often more popular than mysqli because PDO supports more than just MySQL. Both PDO and mysqli support prepared statements though. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now