This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 2 years ago.
I am a beginner in PHP. And decided to make a fully working model of a registration form. But when I program it, it doesn't work.
Here is the main HTML code
<html>
<form method="POST">
<input required type="text" name="name" placeholder="Your Name"><br>
<input required type="email" name="email" placeholder="Your Email"><br>
<input required type="password" name="pass" placeholder="Your Password"><br>
<button name="submit" type="submit" value="Submit">Submit</button>
</form>
</html>
Here is the PHP code
<?php
$conn = mysqli_connect("localhost", "root", "", "shayeq");
if (isset($_POST['submit'])) {
# code...
$user = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$sql = "INSERT INTO 'user'(name, email, password) VALUE ('$user', '$email', '$pass')"
}
You have to run sql command.
$sql = "INSERT INTO user (name, email, password) VALUES ('$user', '$email', '$pass')";
$result = mysqli_query($sql);
Related
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
How to construct an SQL query correctly in a PHP script? [duplicate]
Closed 5 years ago.
The expect result is for the data that is submitted through a HTML form, and then the form action is this code below. Proccessing the code below I was expecting it to insert the data from the form into a SQL table called customers. However the data is not being inserted and there is no errors showing on the page.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$uName = $_POST['uname'];
$password = sha1($_POST['upassword']);
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$dob = $_POST['dob'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$postcode = $_POST['postcode'];
echo $uName;
echo $password;
include("dbconn.php");
$sql = "INSERT INTO customers (username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES ('$uName', '$password', '$fname', '$lname', '$dob', '$address1', '$address2', '$postcode')";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
This is the form in which the data is from:
<div id = "reg_form">
<form name="register" action="register_customer.php" method="post">
<p id = "form_text"> Username: </p> <input name="uname" type="text" placeholder="Please enter a user name">
<p id = "form_text"> Password: </p> <input name="upassword" type="password" placeholder="Please enter a password"><br>
<p id = "form_text"> First Name: </p> <input name="fname" type="text" placeholder="Please enter your first name"><br>
<p id = "form_text"> Last Name: </p> <input name="lname" type="text" placeholder="Please enter your last name"><br>
<p id = "form_text"> Date of Birth: </p> <input name="dob" type="text" placeholder="Please enter your date of birth"><br>
<p id = "form_text"> Address 1: </p> <input name="address1" type="text" placeholder="Please enter first line of address"><br>
<p id = "form_text"> Address 2: </p> <input name="address2" type="text" placeholder="Please enter second line of address"><br>
<p id = "form_text"> Postcode: </p> <input name="postcode" type="text" placeholder="Please enter your postcode"><br>
<input name="submit" type="submit">
</form>
</div>
This is the dbconn.php:
<?php
$config = parse_ini_file('config.ini');
$conn = mysqli_connect('localhost',$config['username'],
$config['password'],$config['dbname']);
echo "Connected to the database";
?>
you have to use MySqli Prepared Statements for Inserting the query to make it more secure like below:
// prepare and bind Customers Query
$queryCustomers = $conn->prepare("INSERT INTO customers(username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$queryCustomers->bind_param("ssssssss",$uName,$password,$fname,$lname,$dob,$address1,$address2,$postcode);
// execute Customers Query
$queryCustomers->execute();
// Close Connections
$queryCustomers->close();
To learn more, follow http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
so I'm just making a very basic registration for for PHP, and well...everytime I try to run it, it just returns a blank page, there are no errors or echos, just a plain, blank white page. I was hoping you guys could explain why as there are no obvious errors in my code.
Here is my reg.php file:
<html>
<head>
<title>Registered!</title>
</head>
<body>
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
if(isset($_POST['submit']))
{
$name = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$username = mysqli_real_escape_string($db, $name);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$query = mysqli_query($db, "INSERT INTO users (username, password,
email)VALUES ('$name', '$password', '$email')");
if($query)
{
echo "You are now registered!";
}
else
{
echo "failed";
}
}
?>
</body>
</html>
and here is my html For the form section
<div id="id01" class="modal">
<form class="modal-content animate" action="reg.php" method="post">
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" id="username"
name="username" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" id="password"
name="password" required>
<label><b>Email</b></label>
<input type="text" placeholder="Enter Email" id="email" name="email"
required>
<button class="btn waves-effect waves-light teal lighten-1" type="submit"
name="submit" id="submit" value="submit">Submit<i class="material-icons
right">send</i></button>
</div>
</form>
</div>
And yes, I know, the form is open to SQL injection, I'll take care of that as soon as I can actually get the basic form to work!
Sorry, I know this will probably end up being some stupid fix, but I can't figure it out for the life of me...
Thanks everyone!
There is a SQL error in your code, try changing:
$query = mysqli_query($db, "INSERT INTO users (username, password,
email)VALUES ('$name', '$password', '$email')");
to
$query = mysqli_query($db, "INSERT INTO users (username, password,
email) VALUES ('$name', '$password', '$email')");
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I have an issue with inserting the data that I gather from one of my forms into my database.
Each form adds data to a different table in the database(one into users and one into tasks).
I use one form for registration and I'll paste the important parts of the code below(this one is working).
This is the form part of the Register.php file
<form method="post" action="register_code.php">
<div class="FormElement">
<input name="user_name" type="text" class="Tfield" id="user_name" required placeholder="User Name">
</div>
<div class="FormElement">
<input name="password" type="password" class="Tfield" id="password" required placeholder="Password">
</div>
<div class="FormElement">
<input name="email" type="email" class="Tfield" id="email" required placeholder="E-mail">
</div>
<div class="FormElement">
<input name="first_name" type="text" class="Tfield" id="first_name" required placeholder="First Name">
</div>
<div class="FormElement">
<input name="last_name" type="text" class="Tfield" id="last_name" required placeholder="Last Name">
</div>
<div class="FormElement">
<input type="submit" id="Register" name="Register" value="Register" class="button">
</div>
This is the register_code.php file
<?php
require "DBconnect.php";
$post = $_POST;
if(isset($post)) {
session_start();
$UName = $post['user_name'];
$PW = md5($post['password']);
$FName = $post['first_name'];
$LName = $post['last_name'];
$Email = $post['email'];
$sql = $con->query("INSERT INTO users (user_name, password, email, first_name, last_name) VALUES ('$UName','$PW','$Email', '$FName', '$LName')");
if($sql)
header("Location: Registration_successful.php");
else
echo "Please try again to register";
}
include 'Register.php';
And another form I use to add data into another table(named tasks). The data I gather from this file will not insert into my database for some reason.
This is the form part of the Add_Task.php file:
<form method="post" action="Add_Task_code.php">
<div class="FormElement">
<input name="TName" type="text" class="Tfield" id="TName" required placeholder="Task name">
</div>
<div class="FormElement">
<input name="TDesc" type="text" class="TextField" id="TDesc" required placeholder="Task summary">
</div>
<div class="FormElement">
<input type="submit" id="Submit" name="Submit" value="Submit" class="button">
</div>
</form>
And this is the code from the Add_Task_code.php file
<?php
require 'DBconnect.php';
$post=$_POST;
if(isset($post))
{
$TaskName = $post['TName'];
$TaskDesc = $post['TDesc'];
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
if ($con->query($sqltask))
header("Location: Tasks.php");
else
header("Location: Add_Task.php");
}
?>
The file DBconnect.php only contains this:
<?php
$con= mysqli_connect("localhost", "root","","first_app")
?>
The problem is that even though the code is similar in both forms only one of them is working. Every time I run the Add_Task.php file it redirects me to the same page (as I instructed it) since it does not add anything to the database.
I also checked the tables just in case it adds something but it does not.
please set your primary_key(id) as auto increment in table tasks. if you not set it might be possible.
and change this line
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
like this :
$sqltask="INSERT INTO tasks (TName,TDesc) VALUES ($TaskName,$TaskDesc)";
You are mixing OOP style and Procedural Style in your code
You are used Procedural Style in your DBconnect.php file. And You are missing ; in your connection file.
DBconnect.php file should be:
<?php
$con= mysqli_connect("localhost", "root","","first_app");
?>
register_code.php code should be:
<?php
require "DBconnect.php";
$post = $_POST;
if(isset($post)) {
session_start();
$UName = $post['user_name'];
$PW = md5($post['password']);
$FName = $post['first_name'];
$LName = $post['last_name'];
$Email = $post['email'];
$sql = mysqli_query($con,"INSERT INTO users (user_name, password, email, first_name, last_name) VALUES ('$UName','$PW','$Email', '$FName', '$LName')");
if($sql)
header("Location: Registration_successful.php");
else
echo "Please try again to register";
}
include 'Register.php';
Add_Task_code.php file code should be:
<?php
require 'DBconnect.php';
$post=$_POST;
if(isset($post))
{
$TaskName = $post['TName'];
$TaskDesc = $post['TDesc'];
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
if (mysqli_query($con,$sqltask))
header("Location: Tasks.php");
else
header("Location: Add_Task.php");
}
?>
Try to make the below changes and see what the actual error is.then debug your code.
if($_SERVER['REQUEST_METHOD']=='POST')
{
$TaskName = $post['TName'];
$TaskDesc = $post['TDesc'];
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
if ($con->query($sqltask))
echo "Successfully Inserted";
else
echo "Error: " . $sqltask. "<br>" . mysqli_error($conn);
}
?>
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
I am trying to create a login page so that certain users within our organization will have access to a form with sensitive information. I decided to use PHP and MySQL to do this and believe I am very close, but am having issues getting the two to connect to one another. I am using WAMP server so I have a localhost setup.
Here is my very basic html form:
<form method="post" action="addemail.php">
<label for="firstname">First Name:</label>
<input type="text" id="firstname" name="firstname" /> <br/>
<label for="lastname">Last Name:</label>
<input type="text" id="lastname" name="lastname" /> <br/>
<label for="email">Email:</label>
<input type="text" id="email" name="email" /> <br/>
<input type="submit" value="submit" name="submit"/>
</form>
On my PHP form, I have this:
$dbc = mysqli_connect('localhost', 'root', 'password', 'leadmen')
or die('Error connection to MySQL server.');
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email'];
$query ="INSERT INTO leadmen_usernames (first_name, last_name, email)" .
"VALUES ('$first_name', '$last_name', '$email')";
mysqli_query($dbc, $query)
or die('Error querying database');
echo 'Username Added.';
mysqli_close($dbc);
I don't know too much about these technologies but believe the problem lies either within my connection info to $dbc = mysqli_connect, or maybe there's an error with mysqli vs mysql?
Not sure if this matters, but I used phpmyadmin to create the table.
If you see just the PHP code you probably forgot the opening PHP tag before you start to write actual PHP code.
<?php
$dbc = mysqli_connect('localhost', 'root', 'password', 'leadmen')
or die('Error connection to MySQL server.');
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email'];
$query ="INSERT INTO leadmen_usernames (first_name, last_name, email)" .
"VALUES ('$first_name', '$last_name', '$email')";
mysqli_query($dbc, $query)
or die('Error querying database');
echo 'Username Added.';
mysqli_close($dbc);
?>
You can close it again with '?>'
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Best way to prevent SQL injection in PHP?
This is a simple registration I made in PHP.
I just want to know how to make it really secure, as I am new to PHP, so examples would help also. All in all, any resources or guidance would be great.
<?php
$email = $_POST["email"];
$password = $_POST["password"];
$fname = $_POST["first_name"];
$lname = $_POST["last_name"];
$db = "mydatabase";
$connect = mysql_connect("localhost","root","");
if(!$connect){
die('Could not connect.');
}
$query = "INSERT INTO users (id, email, password, first_name, last_name) VALUES (DEFAULT, '".$email."', '".$password."', '".$fname."', '".$lname."')";
mysql_select_db($db, $connect);
if(!mysql_query($query)){
echo 'Failed: '.mysql_error();
}
else{
echo 'You have registered.';
}
mysql_close($connect);
?>
and this is the register input form
<html>
<head>
</html>
<body>
<form action="new_user_db.php" method="POST">
<input type="text" name="first_name" placeholder="First Name" required><br>
<input type="text" name="last_name" placeholder="Last Name" required><br>
<input type="email" name="email" placeholder="E-mail" required><br>
<input type="password" name="password" placeholder="Password" required><br>
<input type="submit" value="Register">
</form>
</body>
</html>
thanks for all your feedback!
Security Issues:
Use MySQLi/PDO. mysql_ functions are deprecated.
Stop using the root account to run your mysql queries. Create a new database user with the minimum required privileges
Finally (unrelated to PHP), look into SSL and securing the movement of credentials from client to server.
Also, not a security risk but...
Having your credentials in every single PHP file that uses it is bad practice. Put it in a separate PHP and include/require it, whenever you want to make a connection. That prevents you having to make several changes when changing database server/user/password.
Use a Prepared Statement
$db = mysqli_connect($dbserver, $dbuser, $dbpass,$dbname);
$sql = "insert into mytable (mycol1, mycol2) values (?,?)";
$statement = $db->prepare($sql);
$statement -> bindparam("ss",$myval1, $myval2)'
mysqli_stmt_execute(#statement);