Help with an SQL insert script ?

I just took a quick look, and I noticed that you do this:

$Firstname = $_POST['FirstName'];

and then this:

$Surname = $POST['Surname'];

$EmailAddress = $POST['EmailAddress'];

$Username = $POST['Username'];

$Password = $POST['Password'];

$ConfirmPassword = $POST['ConfirmPassword'];

Note that in all the latter ones, the underscore between $ and POST is missing.

## EDIT 1 ##

The ConfirmPassword should be between

password

and

You did not complete all fields, please try again

so if it's missing, that's probably what is causing the problem. Just after

//ensure form has been completed

add the line:

echo 'ConfirmPassword now is >', $ConfirmPassword, '<'; exit;

The > and < are only added so you can see if there's actually something in that string, even if it's only whitespace.

## EDIT 2 ##

This line

$rows2 = mysql_num_rows($check2);

already gives you the number of ros that were updated by your earlier query (DML statement), so you don't need to do this:

$rowscheck2 = mysql_query($rows2);

if($rowscheck2==0) {

Instead, do this:

$rows2 = mysql_num_rows($check2);

if($rows2==0) {

That should fix your latest problem.

## EDIT 3 ##

OK, this:

$sql2 = "SELECT Email_Address FROM `billyboy_users`.`users WHERE Email_Address = '".$EmailAddress."'";

should be

$sql2 = "SELECT Email_Address FROM `billyboy_users`.`users` WHERE Email_Address = '".$EmailAddress."'";

(note backtick after `users`) and this

}

echo "The two passwords you entered did not match";

should be

} else {

echo "The two passwords you entered did not match";

}

## EDIT 4 ##

The data isn't stored because... you don't store it. :-) You create a SQL INSERT statement , but you don't do mysql_query($register_sql) --or whatever you need to do...

That should do it. :-)

Here's a registration form / script I threw together, which you can use as a template.

http://pastebin.com/raw.php?i=PquLi50y

1. This script does one-way encryption on the password before its INSERT. This way, the plain-text password is not recorded anywhere. Then, when the user logs in, use the same one-way encryption to check what they entered against what's in the database.

2. You're doing some basic sanitization of user inputs, which is good, but there's more you can do. Check lengths, formats, and special characters; instead of concatenating the variables into your SQL string, use placeholders, then bind the variables to the placeholders.

3. Stop using the mysql extension, which includes all those functions that begin with mysql_. This extension is no longer maintained by the PHP team, and is flagged for deprecation. They've introduced two newer, better extensions for interacting with MySQL database: PDO and MySQLi. My script uses PDO, which I recommend because it supports all the major RDBS.

4. In your SQL statement, you don't need to wrap all your table and column names in backticks. This is only needed if you've named something using a reserved word, which you generally shouldn't do in the first place.

5. You don't need to refer to the ID column in your SQL statement. I'm assuming this is an auto-number. The columns in your INSERT INTO list should match exactly the elements in your VALUES list.

6. Like the other answer points out, you're missing some underscores in your $_POST references.

a million-Lita, Sable, Fabuloose Moolah, Chyna, and Trish are overrated no i disagree 2-Sting and HBK deserve a million extra effective worldwide perceive reign interior the previous they retire. i specific i agree 3- the present ECW is high-quality and underrated. specific i agree 4- Triple H would desire to be an substantial Eventer with out Stephanie McMahon, yet he does not be a 12 time worldwide champ. no i disagree 5- specific For Glory 2008 would be extra effective than WM 24. specific i agree 6- area desires a sparkling Finisher. specific i agree 7- Jeff Hardy isn't the surprising extreme-flyer ever. specific i agree