
how to insert $GET variable into mysql


#1
annaright

Hello, can anyone help me with how to insert a GET variable into MySQL?


<?php
$page_title = 'Personal Wellness';
include ('template/header.inc');
include_once('config.php');

$id = $_GET['id'];

if(isset($_POST['submit']))
//if submit was pressed
{
if(strlen($_POST['height'])<1) //if there was no height
{
print "You did not enter a height.";
}
else if(strlen($_POST['weight'])<1) //no weight
{
print "You did not enter a weight.";
}
else if(strlen($_POST['bodyfat'])<1) //no bodyfat
{
print "You did not enter a Body Fat Range";
}
else if (strlen ($_POST['bodywater'])<1) //no bodywater
{
print "You did not enter a Body Water Range";
}
else if( strlen($_POST['musclemass'])<1) //no musclemass
{
print "You did not enter a Muscle Mass";
}
else if (strlen ($_POST['physiqueratt'])<1) //no physiqueratt
{
print "You did not enter a Physique Ratings";
}
else if (strlen ($_POST['bonemass'])<1) //no bonemass
{
print "You did not enter a Bone Mass";
}
else if (strlen ($_POST['bmr'])<1) //no bmr
{
print "You did not enter a BMR";
}
else if (strlen ($_POST['basalmetabolic'])<1) //no basalmetabolic
{
print "You did not enter a Basal Metabolic Age";
}
else if (strlen ($_POST['visceralfat'])<1) //no visceralfat
{
print "You did not enter a Visceral Fat";
}
else if(strlen($_POST['registrationmonth'] && $_POST['registrationday'] && $_POST['registrationyear'])<1) // no date
{
print "You did not enter a date of birth";
}
else //all fields met
{
$id=$_GET['id'];
echo $id;

$height=$_POST['height'];
$weight=$_POST['weight'];
$bodyfat=$_POST['bodyfat'];
$bodywater=$_POST['bodywater'];
$musclemass=$_POST['musclemass'];
$physiqueratt=$_POST['physiqueratt'];
$bonemass=$_POST['bonemass'];
$bmr=$_POST['bmr'];
$basalmetabolic=$_POST['basalmetabolic'];
$visceralfat=$_POST['visceralfat'];
$date=$_POST['registrationyear'] . '-' . $_POST['registrationmonth'] . '-' . $_POST['registrationday'];
$id=$_GET['id'];
echo $id;
$insertadmin="INSERT into personalwelness (m_id,height,weight,body_fat,body_water,muscle_mass,physique_ratt,bone_mass,bmr,basal_metabolic,visceral_fat,evaluation_date) values ('$id','$height','$weight','$bodyfat','$bodywater','$musclemass','$physiqueratt','$bonemass','$bmr','$basalmetabolic','$visceralfat','$date')"; //registering admin in database
echo $insertadmin;
$insertadmin2=mysql_query($insertadmin) or die("Could not insert admin");
print "Personal Wellness Successfully Submitted";
}
}

?>
<form method="post" class="form" action="<?php echo $_SERVER['PHP_SELF'];?>">
<fieldset><legend>Enter Personal Wellness Information in the form below:</legend>

<table width="80%" border="0">
<tr>
<td width="16%">Height(CM)</td>
<td width="2%">:</td>
<td width="82%"><label for="height"></label>
<input type="text" name="height" id="height" value="<?php if (isset($_POST['height']))
echo $_POST['height'];?>" /></td>
</tr>
<tr>
<td>Weight(KG)</td>
<td>:</td>
<td><label for="weight"></label>
<input type="text" name="weight" id="weight" value="<?php if (isset($_POST['weight']))
echo $_POST['weight'];?>" /></td>
</tr>
<tr>
<td >Body Fat Range</td>
<td>:</td>
<td><label for="body fat"></label>
<input type="text" name="bodyfat" id="bodyfat" value="<?php if (isset($_POST['bodyfat']))
echo $_POST['bodyfat'];?>" ></td>
</tr>
<tr>
<td>Body Water Range(%)</td>
<td>:</td>
<td><label for="bodywater"></label>
<input type="text" name="bodywater" id="bodywater" value="<?php if (isset($_POST['bodywater']))
echo $_POST['bodywater'];?>"/></td>
</tr>
<tr>
<td>Muscle Mass</td>
<td>:</td>
<td><label for="musclemass"></label>
<input type="text" name="musclemass" id="musclemass" value="<?php if (isset($_POST['musclemass']))
echo $_POST['musclemass'];?>"></td>
</tr>
<tr>
<td>Physique Ratings</td>
<td>:</td>
<td><label for="physiqueratt"></label>
<input type="text" name="physiqueratt" id="physiqueratt" value="<?php if (isset($_POST['physiqueratt']))
echo $_POST['physiqueratt'];?>"></td>
</tr>
<tr>
<td>Bone Mass</td>
<td>:</td>
<td><label for="bonemass"></label>
<input type="text" name="bonemass" id="bonemass" value="<?php if (isset($_POST['bonemass']))
echo $_POST['bonemass'];?>" /></td>
</tr>
<tr>
<td>BMR</td>
<td>:</td>
<td><label for="bmr"></label>
<input type="text" name="bmr" id="bmr" value="<?php if (isset($_POST['bmr']))
echo $_POST['bmr'];?>"/></td>
</tr>
<tr>
<td>Basal Metabolic Age</td>
<td>:</td>
<td><label for="basalmetabolic"></label>
<input type="text" name="basalmetabolic" id="basalmetabolic" value="<?php if (isset($_POST['basalmetabolic']))
echo $_POST['basalmetabolic'];?>"></td>
</tr>
<tr>
<td>Visceral Fat</td>
<td>:</td>
<td><label for="visceralfat"></label>
<input type="text" name="visceralfat" id="visceralfat" value="<?php if (isset($_POST['visceralfat']))
echo $_POST['visceralfat'];?>"></td>
</tr>
<tr>
<td>Evaluation Date</td>
<td>:</td>
<td> <?php echo date_picker("registration")?></td>
</tr>
<tr>
<td>m_id</td>
<td>:</td>
<td><input type="hidden" name="id" value="<?php echo $id; ?>"/></td>
</tr>
</table>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Submit" />

</div>
</form>
<?php
function date_picker($name, $startyear=NULL, $endyear=NULL)
{
if($startyear==NULL) $startyear = date("Y")-100;
if($endyear==NULL) $endyear=date("Y")+50;

$months=array('','January','February','March','April','May',
'June','July','August', 'September','October','November','December');

// Month dropdown
$html="<select name=\"".$name."month\">";

for($i=1;$i<=12;$i++)
{
$html.="<option value='$i'>$months[$i]</option>";
}
$html.="</select> ";

// Day dropdown
$html.="<select name=\"".$name."day\">";
for($i=1;$i<=31;$i++)
{
$html.="<option $selected value='$i'>$i</option>";
}
$html.="</select> ";

// Year dropdown
$html.="<select name=\"".$name."year\">";

for($i=$startyear;$i<=$endyear;$i++)
{
$html.="<option value='$i'>$i</option>";
}
$html.="</select> ";

return $html;
}
?>

<?php
include ('template/footer.inc');
?>

#2
Orjan

Are you sure there is an id value in $_GET? I.e., is there an id in your URL? index.php?id=42 or similar? Otherwise it won't do any good.

P.S. It's a good thing to run all data going from the user to the database through the mysql_real_escape_string() function to remove bad code someone wants to put in and hack your server.
__________________________________________
I study Information Systems at Karlstad University when I'm not on CodeCall
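
The advice in the post above, as an added example that is not part of the original thread: the `mysql_*` functions, `mysql_real_escape_string()` included, were removed in PHP 7.0, so this sketch validates each value and binds it through a PDO prepared statement instead. The `save_wellness()` name, the shortened column list and the in-memory SQLite table standing in for MySQL are assumptions, and the submissions are constructed sample input.

```php
<?php
// Added example. In-memory SQLite stands in for the thread's MySQL database
// (assumption); with MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE personalwelness
    (m_id INTEGER NOT NULL, height REAL, weight REAL, evaluation_date TEXT)');

// Hypothetical helper: validate each request value, then bind it as a
// parameter so it is never spliced into the SQL text.
function save_wellness(PDO $pdo, array $get, array $post): array
{
    // The form posts to PHP_SELF, which carries no query string, so on
    // submit the id arrives in the hidden POST field, not in $_GET.
    $id = filter_var($get['id'] ?? $post['id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['ok' => false, 'error' => 'id must be a positive integer'];
    }
    $values = [':id' => $id];
    foreach (['height', 'weight'] as $field) {
        $number = filter_var($post[$field] ?? '', FILTER_VALIDATE_FLOAT);
        if ($number === false || $number <= 0) {
            return ['ok' => false, 'error' => "$field must be a positive number"];
        }
        $values[":$field"] = $number;
    }
    $part = fn ($k) => (int) filter_var($post["registration$k"] ?? '', FILTER_VALIDATE_INT);
    [$y, $m, $d] = [$part('year'), $part('month'), $part('day')];
    if (!checkdate($m, $d, $y)) {
        return ['ok' => false, 'error' => 'evaluation date is not a real date'];
    }
    $values[':date'] = sprintf('%04d-%02d-%02d', $y, $m, $d);
    $stmt = $pdo->prepare('INSERT INTO personalwelness
        (m_id, height, weight, evaluation_date) VALUES (:id, :height, :weight, :date)');
    $stmt->execute($values);
    return ['ok' => true, 'error' => null];
}

// Constructed sample submissions: one valid, one with a tampered hidden id.
$good = ['id' => '42', 'height' => '172', 'weight' => '64.5',
         'registrationyear' => '2012', 'registrationmonth' => '2', 'registrationday' => '14'];
$tampered = ['id' => "42' OR '1'='1"] + $good;
foreach ([$good, $tampered] as $post) {
    $result = save_wellness($pdo, [], $post);
    echo $result['ok'] ? "stored\n" : "rejected: {$result['error']}\n";
}
echo $pdo->query('SELECT COUNT(*) FROM personalwelness')->fetchColumn(), " row(s) in table\n";
```

A hidden form field is still client-controlled, so a real page should also check that the logged-in user is allowed to write records for that `m_id`.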

#3
annaright


Orjan said:

Are you sure there is an id value in $_GET? I.e., is there an id in your URL? index.php?id=42 or similar? Otherwise it won't do any good.

P.S. It's a good thing to run all data going from the user to the database through the mysql_real_escape_string() function to remove bad code someone wants to put in and hack your server.

Hi Orjan, many thanks, I already solved the problem, but I have a question about the login script below: I can't log in through this code. My password is already encrypted inside a table.

<?php
session_start();

if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];

if($username == "" || $password == "")
{
echo "Either username or password field is empty.";
echo "<br/>";
echo "<a href='login.php'>Go back</a>";
}
else
{
$result = mysql_query("select * from usersystem where username='$username' and password=md5('$password')",$conn)
or die("Could not execute the select query.");

$row = mysql_fetch_assoc($result);

if(is_array($row) && !empty($row))
{
$validuser = $row['username'];
$_SESSION['valid'] = $validuser;
}
else
{
echo "Invalid username or password.";
echo "<br/>";
echo "<a href='index.php'>Go back</a>";
}

if(isset($_SESSION['valid']))
{
header("location:admin.php"); }
}
}
else
{

?>
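
The login lookup from the post above, as an added example that is not part of the original thread: the username is bound as a parameter, and the password is checked in PHP with `password_verify()` instead of being compared as `md5()` inside the SQL (a swapped-in technique, not what the poster's table uses). The `check_login()` name, the `password_hash` column and the in-memory SQLite table are assumptions; the account and the attempts are constructed.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usersystem (username TEXT PRIMARY KEY, password_hash TEXT)');

// Constructed account; password_hash() salts and stretches the password.
$pdo->prepare('INSERT INTO usersystem VALUES (?, ?)')
    ->execute(['anna', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the username on success, null otherwise.
function check_login(PDO $pdo, string $username, string $password): ?string
{
    if ($username === '' || $password === '') {
        return null;
    }
    // The username is bound, so quotes in it stay data and never become SQL.
    $stmt = $pdo->prepare(
        'SELECT username, password_hash FROM usersystem WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same failure path for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Constructed attempts: valid, wrong password, and a quote-laden username.
$attempts = [['anna', 'correct horse'], ['anna', 'guess'], ["anna' OR '1'='1", 'x']];
foreach ($attempts as [$user, $pass]) {
    $valid = check_login($pdo, $user, $pass);
    echo $valid === null ? "denied\n" : "logged in as $valid\n";
}
// In the page flow: on success call session_regenerate_id(true), set
// $_SESSION['valid'], send the Location header, then exit.
```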

#4
Orjan

I would change

$row = mysql_fetch_assoc($result);

if(is_array($row) && !empty($row)) {

to

if ($row = mysql_fetch_assoc($result)) {
which does the same thing. It might make it easier.
What happens otherwise? Try doing an echo in each block to see whether you enter the right part of the ifs or not...


#5
Microsuck

INSERT INTO `table goes here` VALUES('$id')


#6
Orjan


Microsuck said:

INSERT INTO `table goes here` VALUES('$id')

Well, yes and no. It's not always that simple, as in this case.

#7
RhetoricalRuvim


Orjan said:

Well, yes and no. It's not always that simple, as in this case.

Aren't there supposed to be parentheses after the table name? Such as this?:
INSERT INTO `table name` (id, username, password, emailaddress) VALUES (7, 'some_user', 'no one knows my password LOL :)', 'this_is_the_email@the_website.com')

Or this?:
INSERT INTO `table name` (id, username, password, emailaddress) SELECT MAX(id)+1, 'some_user', 'no one knows my password LOL :)', 'this_is_the_email@the_website.com' FROM `table name`


#8
Orjan

Orjan

    Writes binary right handed and hex left handed

  • Moderators
  • 3,299 posts
  • Location:Karlstad, Sweden
  • Programming Language:C, Java, C++, C#, PHP, JavaScript, Pascal
  • Learning:Java, C#
Not necessarily. Only if you want to specify which fields and/or in which order you want to write your data.
If you want to fill in all fields and specify them in the order they are in the table, you can leave out the field-specifying part.



