PHP Insert INTO Not Inserting Data

Question

Below is my Html and php code both in separate files for my insert query it is trying to insert registration details but it keeps failing, any reasons where i am going wrong. I have trying using different types of speech marks but it still doesnt work and the textbook i have shows this method. The database can log users in and check if user exists but can not insert data. Thanks.

<?php
include 'db.php';

session_start();
?>
<!DOCTYPE html>

<html>

<head>

</head>
<?php 
include 'header.php';
?>

    <div id="logincontent"> 

    <div id="registerform" class="loginform-in">
        <h1>Registration</h1>
        <fieldset>
            <form id="myForm" action="registerscript.php" method="POST">
            Email: <input type="text" name="username"/><br />
            Password: <input type="password" name="pass"/><br />
            First Name: <input type="text" name="fname"/><br />
            Last Name: <input type="text" name="lname"/><br />
            Address 1: <input type="text" name="add1"/><br />
            Address 2: <input type="text" name="add2"/><br />
            Postcode: <input type="text" name="pcode"/><br />
            Telephone: <input type="text" name="phone"/><br />
            <button id="submit">Register</button>
            </form>

            <div id="ack"></div>
        </fieldset>
    </div>
    </div>
</body>
</html>

PHP File

<?php
  include('db.php');

  $email = mysql_real_escape_string( $_POST["username"] );
  $pass = mysql_real_escape_string( md5($_POST["pass"]) );
  $firstname = mysql_real_escape_string( $_POST["fname"] );
  $surname = mysql_real_escape_string( $_POST["lname"] );
  $add1 = mysql_real_escape_string( $_POST["add1"] );
  $add2 = mysql_real_escape_string( $_POST["add2"] );
  $pcode = mysql_real_escape_string( $_POST["pcode"] );
  $phone = mysql_real_escape_string( $_POST["phone"] );

  if( empty($email) || empty($pass) )
  {
    echo "Email and Password are Mandatory";
    exit();
  }




$res = mysql_query("SELECT email FROM members WHERE email='$email'");
      $row = mysql_fetch_row($res);


  if( $row > 0 )
    echo "The Email $email has already been taken. Click Forgot Password to Retrieve";

  else
  {
      $sql = "INSERT INTO members (memberid, firstname, surname, address1, address2, postcode, telephone, email, password) VALUES (
                                       '',
                                       '$firstname', 
                                       '$surname', 
                                       '$add1', 
                                       '$add2', 
                                       '$pcode', 
                                       '$phone', 
                                       '$email'
                                       '$pass')";
   if( mysql_query($sql) )
     echo "Registration Successfull";
   else
     echo "An Error Occured Please Try Again";
}

?>

Answer 1

You missed a comma here

                                       '$phone', 
                                       '$email', //<-------------- Here
                                       '$pass')";

Answer 2

Remove memberid from $sql = insert into ... this is probably an auto_increment type value in your mysql database.

BTW you are better off using mysqli or pdo instead of using mysql_. And with prepared statements you would limit the risk for SQL injection.

Answer 3

Add the following to find MySQL Error:

else
     echo "An Error Occured Please Try Again";
     echo mysql_errno($res) . mysql_error($res);