PHP/SQL troubles

I can't seem to get this PHP to make a connection to my SQL DB, but it doesn't report any errors so I'm kind of puzzled as to the problem.

<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
if (!isset ($_POST['Submit'])) {
?>
<html>
<head>
<link rel='stylesheet' href='css.css' type='text/css'>
</head>
<body>
<center>
<br><br><br><br><br><br><br><br><br><br><br>
<b>REGISTER</b>
<form method="POST" action="<?php echo $PHP_SELF;?>">
<input type="text" name="user"><br>
<input type="password" name="pass"><br><br>
<input type="submit" value="Submit">
</form>
</body>
</center>
</html>
<?php
}
Else
{
$con = mysql_connect("localhost:phpmyadmin","censored","censored");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("query123_1", $con);
mysql_query("INSERT INTO users (username, password) 
VALUES ($user, $pass)");
mysql_close($con);
}
?>

make sure you 1) sanitize what you are inserting (use mysql_escape_real_string() or another similar function) and 2) enclose your values - pretty sure that's what is throwing the error. Like this:

mysql_query("INSERT INTO users (username, password) VALUES ('$username', '$password')");

also the $con isn't really that necessary of a parameter when you are selecting a database or doing a query, unless you are dealing with multiple connections. Otherwise it'll just take whatever connection you already got opened by default with out that 2nd parameter in mysql_select_db() as well as in mysql_query().

If you want to see the error that the sql query returned, just do mysql_query('your query') or die(mysql_error()); and that'll kill the script with the mysql error message being returned.

chislam wrote: make sure you 1) sanitize what you are inserting (use mysql_escape_real_string() or another similar function) and 2) enclose your values - pretty sure that's what is throwing the error. Like this:

mysql_query("INSERT INTO users (username, password) VALUES ('$username', '$password')");

also the $con isn't really that necessary of a parameter when you are selecting a database or doing a query, unless you are dealing with multiple connections. Otherwise it'll just take whatever connection you already got opened by default with out that 2nd parameter in mysql_select_db() as well as in mysql_query().

If you want to see the error that the sql query returned, just do mysql_query('your query') or die(mysql_error()); and that'll kill the script with the mysql error message being returned.

Yeah, but this isn't anything I'm trying to protect. I signed up for a free host, and set up a SQL db just for a few tests I was doing, so forget about sanitize string and all of the patching aspects of it, but thnx :) I simply want to know why this wouldn't work. I know that the location of my SQL DB is in localhost:phpmyadmin etc I know all of that is correct, but for some reason it's making no connection.

Oh my bad, didn't realize it was the connection itself. I had thought the query just wasn't working. Are you using a free host? Because if so, then most likely it won't be localhost as your mysql host.

chislam wrote: Oh my bad, didn't realize it was the connection itself. I had thought the query just wasn't working. Are you using a free host? Because if so, then most likely it won't be localhost as your mysql host.

Yeah, I've been using SQL with this host for some time, so I know what it allows and doesn't (it is running in safe mode But, I know the location of the host is localhost:phpmyadmin, and just for the life of me can't figure out why it won't make the connection, I've gone through and checked for any and all possible syntax errors, to no avail