PHP Registration code

小蘑菇 2021-01-16 23:27

I am currently attempting to create a registration script to enter registration information into my UserAccount table. Below is my connection:



        
4 answers
  •  栀梦
    栀梦 (original poster)
    2021-01-17 00:14

    Don't ever use mysql_ functions this way! Seriously!

    • You are risking SQL injection by using untreated data directly in your query
      • someone could formulate a malicious request that could expose or corrupt your data
    • mysql_* functions are deprecated as of PHP 5.5!
      • they are not supported anymore!

    Solution:

    • Use prepared statements
    • Use PDO
    • or use mysqli consistently throughout the application (as others noted)

    Of all these, I'd suggest going the PDO way:

    try {
        // Open the connection; this is different than in the old mysql_* functions
        $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
        // Throw PDOException on errors so the catch block below actually fires
        // (exception mode is the default only since PHP 8.0)
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        //***running query
        //**step1: create statement
        $stmt = $dbh->prepare('INSERT INTO UserAccount(email_address, password, f_name, s_name)
        VALUES(:email, :password, :f_name, :l_name)'); //notice parameters prefixed with ':'

        //**step2: bind values (be sure to also check out the bindParam() function too!)
        $stmt->bindValue(':email', $email_address);
        $stmt->bindValue(':password', $password);
        $stmt->bindValue(':f_name', $f_name);
        $stmt->bindValue(':l_name', $l_name);

        //**step3: execute statement
        $stmt->execute();

        // Close the connection
        $dbh = null;
    } catch (PDOException $e) {
        print "Error!: " . $e->getMessage() . "\n";
        die();
    }
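
The prepared-statement approach from the answer above, as an added example that is not part of the original answer: a registration helper that binds every value, and that goes beyond the answer by hashing the password and handling a duplicate e-mail address. Assumptions: the `pdo_sqlite` extension is available, an in-memory SQLite database stands in for the MySQL connection, and `openDemoDb()` and `registerUser()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Constructed demo database (in-memory SQLite) so the script runs offline.
function openDemoDb(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    // Throw PDOException on errors (the default only since PHP 8.0).
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE UserAccount (
        email_address TEXT PRIMARY KEY, password TEXT NOT NULL,
        f_name TEXT NOT NULL, s_name TEXT NOT NULL)');
    return $dbh;
}

// Hypothetical helper: true on success, false for an invalid or already registered address.
function registerUser(PDO $dbh, string $email, string $password, string $fName, string $sName): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $stmt = $dbh->prepare(
        'INSERT INTO UserAccount (email_address, password, f_name, s_name)
         VALUES (:email, :password, :f_name, :s_name)'
    );
    try {
        $stmt->execute([
            ':email'    => $email,
            // Store a salted hash, never the plaintext password.
            ':password' => password_hash($password, PASSWORD_DEFAULT),
            ':f_name'   => $fName,
            ':s_name'   => $sName,
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation (here: duplicate e-mail).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return false;
        }
        throw $e; // anything else is a real failure; log it server-side
    }
}

$dbh = openDemoDb();
// Constructed sample input; the apostrophe is bound as data and needs no escaping.
var_dump(registerUser($dbh, 'pat@example.com', 'correct horse', 'Pat', "O'Brien"));
var_dump(registerUser($dbh, 'pat@example.com', 'another pw', 'Pat', "O'Brien")); // same address again
var_dump($dbh->query('SELECT s_name FROM UserAccount')->fetchAll(PDO::FETCH_COLUMN));
```

At login, check the submitted password against the stored hash with `password_verify()`.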
