PHP input into database

Question

Stefce 146 Posting Pro

10 Years Ago

Hello everyone, im trying to make a registration system with PHP and MySQL but im not going well i just created table and i have writed the code well but there is something wrong the inputs don't send that data into database i have tryed much different ways of doing it but still cant be posted nothing in to database. Here is the code:

<form method='post'>
                    Name: <input type="text" name="name" color='#4DFF4D' placeholder='Your Real Name' /><br>
                    Last Name: <input type="text" name="lastname" color='#4DFF4D' placeholder='Your last name' /><br>
                    Username: <input type="text" name="username" color='#4DFF4D' placeholder='Choose Username' /><br>
                    Password: <input type="password" name="password" color='#4DFF4D' placeholder='Choose Password' /></font>
                    <input style="border-radius:8px;" type="image" class="new_account" name="submitb" src="NewAccount.png" alt="NewAccount" height='50' width='250px'>
                </form>
                <?php
                    if(isset($_POST['name']))
                    {
                        $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $sql="INSERT INTO Members (Name, Lastname, Username, Password)
                        VALUES
                        ('$_POST[name]','$_POST[lastname]','$_POST[username]','$_POST[password]')";
                        if (!mysqli_query($con,$sql))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>

Thank you for helping me !

php

Edited 10 Years Ago by Stefce because: misstake

2 Contributors
12 Replies
185 Views
3 Hours Discussion Span
Latest Post 10 Years Ago Latest Post by diafol

diafol

10 Years Ago

A few pointers:

 $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");

No need for quotes - and I think you've got the order wrong. Also note the extra space for the user - that will cause it to fail - so no quotes.

$con = mysqli_connect($host,$user,$pw,$db) or die("Error " . mysqli_error($con));

Also although you use mysqli, you're not protecting yourself from SQL injection. Use parameterized queries (?):

$stmt = $mysqli->prepare("INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
$stmt->execute();

//EDIT
Sorry just remembered, you're using procedural mysqli not OOP. So here's procedural:

$stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
mysqli_stmt_execute($stmt);

Edited 10 Years Ago by diafol

diafol

10 Years Ago

Actually this line... is good

Actually that line is not good.

Have a look here at the manual if you don't believe me:

http://www.php.net/mysqli_connect#112689

or the constructor:

http://www.php.net/manual/en/mysqli.construct.php

diafol

10 Years Ago

I'm assuming that you've got your own details here:

 $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");

not the values in the manual?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Stefce 146 Posting Pro · Answer 1 · 2013-12-16T20:23:43+00:00

Actually this line

 $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");

is good i just change the values for the forum post.

Stefce 146 Posting Pro · Answer 2 · 2013-12-16T20:32:40+00:00

I have maked some changes but still cannot read into database .. :/

<?php
                    if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
                    {
                        $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $stmt = $mysqli->prepare("INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
                        $stmt->bind_param('ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
                        $stmt->execute();

                        if (!mysqli_query($con,$stmt))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>

Stefce 146 Posting Pro · Answer 3 · 2013-12-16T20:47:23+00:00

My whole registration script if you can make changes here so ill just copy and paste to test it :/ THANK YOU

<html>
<body bgcolor='red'>
<title>Register</title>
<style>
    font.position_font {
        position:absolute;
        left:20%;
    }
    input.new_account {
        position:absolute;
        left:20%;
        top:80%;
    }
</style>
<form>
<font size="6">
    <div style="opacity:1; position:absolute; border-radius:30px; width:30%; left:20%; top:20%; height:50%; background-color:white; border:10px solid gray;">
        <strong>
            <center>
                <font face='Comic Sans MS' color='blue'>Register</font>
                <hr>
                <font size='3' color='black' class='position_font'>
                <form method='post'>
                    Name: <input type="text" name="name" color='#4DFF4D' placeholder='Your Real Name' /><br>
                    Last Name: <input type="text" name="lastname" color='#4DFF4D' placeholder='Your last name' /><br>
                    Username: <input type="text" name="username" color='#4DFF4D' placeholder='Choose Username' /><br>
                    Password: <input type="password" name="password" color='#4DFF4D' placeholder='Choose Password' /></font>
                    <input style="border-radius:8px;" type="image" class="new_account" name="submitb" src="NewAccount.png" alt="NewAccount" height='50' width='250px'>
                </form>
                <?php
                    if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
                    {
                        $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
                        mysqli_stmt_bind_param($stmt, 'ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
                        mysqli_stmt_execute($stmt);

                        if (!mysqli_query($con,$stmt))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>
        </strong>
    </div>
</font>
</form>
</body>
</html>

Stefce 146 Posting Pro · Answer 4 · 2013-12-16T20:55:39+00:00

Yeah they are not the real, i'm using other, im just changing for the security reasons ...

diafol · Answer 5 · 2013-12-16T21:10:32+00:00

if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
{
    $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB") or die('BAD CONNECTION:' .  mysqli_error($con));
    $stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'ssss', $_POST['name'], $_POST['lastname'], $_POST['username'], $_POST['password']);
    if (!mysqli_stmt_execute($stmt))
    {
        echo "Execute failed";
    }else{
        echo "Execute succeeded";
    }
    mysqli_stmt_close($stmt);
}

BTW you seem to be storing the plaintext password. This is not advisable - you should store a hashed version, e.g.

$pw = hash($algo, $_POST['password']); //where $algo is the hashing algorithm of your choice e.g. "sha256"

In addition to this, you should use a 'salt' for added security.

Another issue - you only have the one password field in your form. You should always provide two in order to obviate (as far as possible) any typos by comparing them.

Stefce 146 Posting Pro · Answer 6 · 2013-12-16T21:19:30+00:00

Dont work again :/
Here at values

 VALUES (?, ?, ?, ?)");

does it need to be like that or i need to change it ?
Also where to put that $pw = hash ?

diafol · Answer 7 · 2013-12-16T21:26:42+00:00

It needs to be like that.

$pw... that will be placed before the prepare method/function and then you use $pw instead of $_POST['password']

So do you get "Execute failed" or "Execute succeeded" ?

Stefce 146 Posting Pro · Answer 8 · 2013-12-16T21:50:40+00:00

I dont get nothing of it you can check at: www.secretchatsk.host56.com

diafol · Answer 9 · 2013-12-16T22:32:14+00:00

Nothing obvious.