Problem with PHP/MySQL Registration Script?

G

GEO net Correspondent

New member
if(isset($_POST['submit']))
{
mysql_connect('localhost', 'username', 'password', 'database');
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$dirtystuff = array("\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%");
$fname = str_replace($dirtystuff, "", $fname); // works!
$lname = str_replace($dirtystuff, "", $lname); // works!
$email = str_replace($dirtystuff, "", $email); // works!
$phone = str_replace($dirtystuff, "", $phone); // works!
$sql = "INSERT INTO users (id, firstname, lastname, email, phone) VALUES (null, $fname, $lname, $email, $phone);";
mysql_query($sql);
echo "The following information was entered into the database<br><br><br>";
echo "<b>First Name:</b>*$fname<br>";
echo "<b>Last Name:</b>*$lname<br>";
echo "<b>Email:</b>*$email<br>";
echo "<b>Phone Number:</b>*$phone<br><br><br>";
echo "Thanks For Taking The Time To Submit Your Information.";

mysql_close();
}
?>
<html>
<table align="center"><br /> <br />
<a href="index.html"> Click Here To Go Back</a>
</table>
</html>

It can replace the characters with blanks and I Can see it working ok, but the data is not going to the database...
 
Back
Top