php insert not working

Hey Guys

I have moved my site to a new hosting company and the sites forms do not insert to the database. I have made a sql user with every permision but no luck. It inserts a unique ID with the auto increment but thats it??





<?php
$con = mysql_connect("localhost","scor_test","test");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}mysql_select_db("scor_main", $con);$sql="INSERT INTO contact (contact_name,contact_email,contact_comments)
VALUES
('$_POST[contact_name]','$_POST[contact_email]','$_POST[contact_comments]')";if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";mysql_close($con)
?>

Let's see the form that is posting to this script.

lol found it

method="post">


its funny how it woked on the old server with method="get">

The old server probably had register globals on though your current code is poorly written. You have no security in place making sure the user doesn't use mysql injection. You also don't check to see if the post is empty or not so you are putting in empty fields into your database. At its most basic form here is your code
<?php
$con = mysql_connect("localhost","scor_test","test") or die('Could not connect: ' . mysql_error());
mysql_select_db("scor_main", $con);
if(trim($_POST['contact_name']) != '' || trim($_POST['contact_email']) != '' || trim($_POST['contact_comments']) != '')
{
$name = mysql_real_escape_string($_POST['contact_name']);
$email = mysql_real_escape_string($_POST['contact_email']);
$comments = mysql_real_escape_string($_POST['contact_comments']);
$sql = "INSERT INTO contact (contact_name,contact_email,contact_comments) VALUES('$name','$email','$comments')";
$result = mysql_query($sql,$con) or die('Error: ' . mysql_error());
echo "1 record added";
}
else
{
echo 'One or more of the inputs was empty, please fix them';
}
mysql_close($con);
?>
It has simple error checking that needs to be expanded on. Read this about writing secure php: http://www.ilovejackdaniels.com/php/writing-secure-php/