What is wrong with this PHP Code?

Discussion in 'PHP' started by xbernx, Oct 20, 2015.

  1. #1
    Hi, I have the following code:

    <?php
    
      $mysql_server = 'Database Server';
      $mysql_username = 'Username';
      $mysql_password = 'Password';
      $mysql_dbname = 'Database Name';
    
      $connection = mysql_connect($mysql_server, $mysql_username) or die("Verbindung zur Datenbank konnte nicht aufgebaut werden!");
     
      mysql_select_db($mysql_dbname, $connection) or die("Datenbank konnte nicht ausgewählt werden");
    
    $username = $_POST["username"];
    $passwort = $_POST["passwort"];
    $passwort2 = $_POST["passwort2"];
    
    if($passwort != $passwort2 OR $username == "" OR $passwort == "")
        {
        echo "Eingabefehler. Bitte alle Felder korekt ausfüllen. <a href=\"eintragen.html\">Zurück</a>";
        exit;
        }
    $passwort = md5($passwort);
    
    $result = mysql_query("SELECT id FROM login WHERE username LIKE '$username'");
    $menge = mysql_num_rows($result);
    
    if($menge == 0)
        {
        $eintrag = "INSERT INTO login (username, passwort) VALUES ('$username', '$passwort')";
        $eintragen = mysql_query($eintrag);
    
        if($eintragen == true)
            {
            echo "Benutzername <b>$username</b> wurde erstellt. <a href=\"login.html\">Login</a>";
            }
        else
            {
            echo "Fehler beim Speichern des Benutzernames. <a href=\"eintragen.html\">Zurück</a>";
            }
    
    
        }
    
    else
        {
        echo "Benutzername schon vorhanden. <a href=\"eintragen.html\">Zurück</a>";
        }
    ?>
    Every time I load the .html document with the form for registration, input my details and press send, it can't connect to the MySQL database.
    What's wrong?
     
    xbernx, Oct 20, 2015 IP
  2. malky66

    #2
    Apart from the fact you're using outdated mysql functions instead of PDO or mysqli and you have no security in there whatsoever, you're not passing the mysql password to the db connection.
     
    malky66, Oct 20, 2015 IP
    Arick unirow, deathshadow and ryan_uk like this.
  3. KangBroke

    #3
    I would have said that you're trying to connect to nothing.

    $mysql_server = 'Database Server';

    I'd assume it should be if this were 10 years ago

    $mysql_server = 'localhost';

    However, like @malky66 said, you should be using PDO or mysqli.

    This code is checking if a user exists and then it creates the user if not.

    Also are you saying that you have a file .html and threw PHP code into it? Why not just save it as a .php file?

    I would say the better question to ask here is what is "right" about this code? Because so much is wrong with this that it should be scrapped.
     
    KangBroke, Oct 21, 2015 IP
  4. KangBroke

    #4

    If you double-checked you would see that the OP is using MD5 when creating the account. Not saying this is the way to go, but you said no security.

    If you take the advice of Malky66 what you would need to do is change this line

    $connection = mysql_connect($mysql_server, $mysql_username) or die("Verbindung zur Datenbank konnte nicht aufgebaut werden!");

    to

    $connection = mysql_connect($mysql_server, $mysql_username, $mysql_password) or die("Verbindung zur Datenbank konnte nicht aufgebaut werden!");


    However, it's hard to even say that. Just learn how to use mysqli; it is not much different from mysql, so it should be easy enough to understand.
     
    KangBroke, Oct 21, 2015 IP
  5. malky66

    #5
    Huh?...MD5 is not going to cure the sql injection vulnerabilities on his unsanitized POST variables though is it?
    That's the lack of security I was referring to.
     
    malky66, Oct 21, 2015 IP
    ryan_uk likes this.
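
The fixes raised in posts #2 to #5 (PDO instead of `mysql_*`, no POST values interpolated into SQL, no MD5 for passwords) put together as an added example; it is not code from any poster. The `login` table and its `username`/`passwort` columns come from the original post, while the function names, the `UNIQUE` constraint and the in-memory SQLite DSN (used so the script runs without a server) are assumptions.

```php
<?php
// Added example. Table/column names are from the original post; open_db(),
// register_user(), the UNIQUE constraint and the SQLite DSN are assumptions.
// For MySQL the call would be new PDO('mysql:host=...;dbname=...', $user, $password):
// the password is the third argument, the one the original connect call left out.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        passwort TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $username, string $pw, string $pw2): string
{
    if ($username === '' || $pw === '' || $pw !== $pw2) {
        return 'input_error';
    }
    // Salted, deliberately slow hash instead of md5(); check it at login
    // with password_verify($input, $storedHash).
    $hash = password_hash($pw, PASSWORD_DEFAULT);

    // Placeholders send the values separately from the SQL text, so quotes
    // in a username are stored as data and cannot change the statement.
    $stmt = $db->prepare('INSERT INTO login (username, passwort) VALUES (?, ?)');
    try {
        $stmt->execute([$username, $hash]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation (name already taken).
        // Relying on the constraint also closes the SELECT-then-INSERT race.
        if ((string) $e->getCode() === '23000') {
            return 'exists';
        }
        throw $e;
    }
    return 'created';
}

// Constructed sample input standing in for $_POST.
$db = open_db();
$samples = [['alice', 's3cret', 's3cret'], ['alice', 'x', 'x'],
            ["o'brien", 'pw', 'pw'], ['bob', 'a', 'b']];
foreach ($samples as [$u, $p, $p2]) {
    echo str_pad($u, 10), register_user($db, $u, $p, $p2), PHP_EOL;
}
```

When echoing the username back into HTML, as the original script does, pass it through `htmlspecialchars()` first.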
  6. KangBroke

    #6

    You never said lack, you said none. I was saying there was some, just not the best. It's like he left his front door wide open but closed the screen door. I'm not saying that screen door will keep out burglars but at least it is there.

    Like I did state "so much is wrong with this that it should be scrapped."
     
    KangBroke, Oct 21, 2015 IP
  7. malky66

    #7
    Yeah, I know what I said. Like I said in my previous post, I was referring to the unsanitized POST variables, of which there is NO security.
    You want to carry on with your pointless pedantic bullshit argument...I'll leave you to it 'cause I ain't interested.
     
    malky66, Oct 21, 2015 IP
    Arick unirow and ryan_uk like this.
  8. KangBroke

    #8
    Sorry didn't realize it was your time of the month, I was not arguing with you. Just pointing things out. Sorry I hurt your feelings.
     
    KangBroke, Oct 21, 2015 IP
    ThePHPMaster likes this.
  9. deathshadow

    #9
    You see this?

    $connection = mysql_connect
    YOU SEE THIS?

     $eintrag = "INSERT INTO login (username, passwort) VALUES ('$username', '$passwort')";
    @malky66 doesn't have to apologize for **** or be corrected. ZERO ***ing security thanks to the bleeding edge of DECADE old buggy insecure practices.
     
    deathshadow, Oct 21, 2015 IP
    malky66 and Arick unirow like this.
  10. KangBroke

    #10
    How did this turn into you guys trying to come at me? I never once said anything about Malky66 having to apologize, I just pointed out that the OP did use MD5 instead of just storing the password. So I am in the wrong for that? You guys must be friends and I must have really hurt his feelings. I also said more than once that this code should be thrown away. I just simply explained how the OP could make this crappy code work. I don't really understand how that warranted your response directed at me at all. Your post isn't even slightly contributing to the thread other than to bash me, and that is not the norm for you. Actually shocked you of all people came at me in that manner seeing you speak in a professional manner in so many other threads.
     
    KangBroke, Oct 21, 2015 IP