0

Ive looked through other posts with the same error but i get this error for every form i do where by a variable is the user input. Im having to create a 2 page process registration form, can anyone see were ive gone wrong thanks: < PHP: 

 // Connection to server
 $db_host = "localhost";
 $db_username = "root";
 $db_pass = "password";
 $db_name = "members";
@mysql_connect ("$db_host","$db_username","$db_pass") or die ("Could not            connect to mysql");
@mysql_select_db("$db_name") or die ("No Database");

 //Variables
 $Username = $_POST['Username'];
 $password = md5 ($_POST['password']);
 $insert = 'INSERT into Members(Username, password,) VALUES ("'.$Username.'", "'        .$password.'")';

mysql_query($insert);

 ?>

And the form:
<body>
<form method= "post" action="reg.php">
 <table width="200" border="1">
  <tr>
 <td>Username</td>
<td><input type="text" name="Username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name"password" /></td>
</tr>
 <tr>
<td>&nbsp;</td>
<td><input type="submit" name"submit" value="Submit" /></td>
</tr>

</table>

I was told to use a isset function which i do so which did say the variable did exist.

Danny Shezo
  • 9
  • 3
  • 4
    Terrible question, because: 1. You are surpressing errors using `@`. 2. You didn't add the exact error. 3. Your script is vulnerable to SQLi. 4. You say you do `isset()`, but you don't. 5. You are using `md5()` which has been broken for a long time. – PeeHaa Mar 25 '12 at 12:11
  • Someone call it terrible but in fact it's just PHP as it is. I'd wonder if I see any other code. – Your Common Sense Mar 25 '12 at 12:13
  • @YourCommonSense well php is a terrible tag you know ;-) – PeeHaa Mar 25 '12 at 12:15
  • Sorry literally started php last Thursday so getting to grips, all i know is through tutorials and guides. And the error is on $password. – Danny Shezo Mar 25 '12 at 12:30
  • What does the error message say? – JJJ Mar 25 '12 at 12:39

2 Answers2

1

You're missing a '=' here:

<td><input type="password" name"password" /></td>

Should be:

<td><input type="password" name="password" /></td>
Michael
  • 11,912
  • 6
  • 49
  • 64
-2

run your PHP part inside of 

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
... 
}
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345