This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I have an issue with inserting the data that I gather from one of my forms into my database.
Each form adds data to a different table in the database(one into users and one into tasks).
I use one form for registration and I'll paste the important parts of the code below(this one is working).
This is the form part of the Register.php file
<form method="post" action="register_code.php">
<div class="FormElement">
<input name="user_name" type="text" class="Tfield" id="user_name" required placeholder="User Name">
</div>
<div class="FormElement">
<input name="password" type="password" class="Tfield" id="password" required placeholder="Password">
</div>
<div class="FormElement">
<input name="email" type="email" class="Tfield" id="email" required placeholder="E-mail">
</div>
<div class="FormElement">
<input name="first_name" type="text" class="Tfield" id="first_name" required placeholder="First Name">
</div>
<div class="FormElement">
<input name="last_name" type="text" class="Tfield" id="last_name" required placeholder="Last Name">
</div>
<div class="FormElement">
<input type="submit" id="Register" name="Register" value="Register" class="button">
</div>
This is the register_code.php file
<?php
require "DBconnect.php";
$post = $_POST;
if(isset($post)) {
session_start();
$UName = $post['user_name'];
$PW = md5($post['password']);
$FName = $post['first_name'];
$LName = $post['last_name'];
$Email = $post['email'];
$sql = $con->query("INSERT INTO users (user_name, password, email, first_name, last_name) VALUES ('$UName','$PW','$Email', '$FName', '$LName')");
if($sql)
header("Location: Registration_successful.php");
else
echo "Please try again to register";
}
include 'Register.php';
And another form I use to add data into another table(named tasks). The data I gather from this file will not insert into my database for some reason.
This is the form part of the Add_Task.php file:
<form method="post" action="Add_Task_code.php">
<div class="FormElement">
<input name="TName" type="text" class="Tfield" id="TName" required placeholder="Task name">
</div>
<div class="FormElement">
<input name="TDesc" type="text" class="TextField" id="TDesc" required placeholder="Task summary">
</div>
<div class="FormElement">
<input type="submit" id="Submit" name="Submit" value="Submit" class="button">
</div>
</form>
And this is the code from the Add_Task_code.php file
<?php
require 'DBconnect.php';
$post=$_POST;
if(isset($post))
{
$TaskName = $post['TName'];
$TaskDesc = $post['TDesc'];
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
if ($con->query($sqltask))
header("Location: Tasks.php");
else
header("Location: Add_Task.php");
}
?>
The file DBconnect.php only contains this:
<?php
$con= mysqli_connect("localhost", "root","","first_app")
?>
The problem is that even though the code is similar in both forms only one of them is working. Every time I run the Add_Task.php file it redirects me to the same page (as I instructed it) since it does not add anything to the database.
I also checked the tables just in case it adds something but it does not.
please set your primary_key(id) as auto increment in table tasks. if you not set it might be possible.
and change this line
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
like this :
$sqltask="INSERT INTO tasks (TName,TDesc) VALUES ($TaskName,$TaskDesc)";
You are mixing OOP style and Procedural Style in your code
You are used Procedural Style in your DBconnect.php file. And You are missing ; in your connection file.
DBconnect.php file should be:
<?php
$con= mysqli_connect("localhost", "root","","first_app");
?>
register_code.php code should be:
<?php
require "DBconnect.php";
$post = $_POST;
if(isset($post)) {
session_start();
$UName = $post['user_name'];
$PW = md5($post['password']);
$FName = $post['first_name'];
$LName = $post['last_name'];
$Email = $post['email'];
$sql = mysqli_query($con,"INSERT INTO users (user_name, password, email, first_name, last_name) VALUES ('$UName','$PW','$Email', '$FName', '$LName')");
if($sql)
header("Location: Registration_successful.php");
else
echo "Please try again to register";
}
include 'Register.php';
Add_Task_code.php file code should be:
<?php
require 'DBconnect.php';
$post=$_POST;
if(isset($post))
{
$TaskName = $post['TName'];
$TaskDesc = $post['TDesc'];
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
if (mysqli_query($con,$sqltask))
header("Location: Tasks.php");
else
header("Location: Add_Task.php");
}
?>
Try to make the below changes and see what the actual error is.then debug your code.
if($_SERVER['REQUEST_METHOD']=='POST')
{
$TaskName = $post['TName'];
$TaskDesc = $post['TDesc'];
$sqltask="INSERT INTO tasks ('TName','TDesc') VALUES ('$TaskName','$TaskDesc')";
if ($con->query($sqltask))
echo "Successfully Inserted";
else
echo "Error: " . $sqltask. "<br>" . mysqli_error($conn);
}
?>
Related
I am learning MySQL and PHP and I trying to build a simple login webpage and connect with MySQL.
I have built the page with HTML and CSS, also I downloaded PHP and installed MySQL, I am getting confused about how to combine those things and when I input my password and username it will go to successful page.
I am not seeking an answer but need some suggestions for the next step.
PLEASE NOTE - the way my SQL queries are written here are open to SQL injection (see here to get the changes you would need to make)
So to start. You want to create a database table to store your users, a form to create users, and some code to query the data into the database.
i would start with a form like this:
<form method="post" class="mt-3">
<input type="hidden" name="do" value="create" />
<div class="form-group">
<label for="itemName">First Name</label>
<input type="text" class="form-control" name="firstName">
</div>
<div class="form-group">
<label for="serialNumber">Last Name</label>
<input type="text" class="form-control" name="lastName">
</div>
<div class="form-group">
<label for="serialNumber">Username</label>
<input type="text" class="form-control" name="userName">
</div>
<div class="form-group">
<label for="serialNumber">Password</label>
<input type="password" class="form-control" name="passWord">
</div>
<a id="create-member" class="btn btn-success text-white">Submit</a>
</form>
then you want some code that will take the values you have in that form and turn them into a query to add that info into your table.
if(isset($_POST['do'])) && $_POST['do'] == 'create'
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$username = $_POST['userName'];
$password = password_hash($_POST['passWord'], PASSWORD_BCRYPT);
$sql = "INSERT INTO members (first_name, last_name, username, password) VALUES ('".$firstName."', '".$lastName."', '".$username."', '".$password."')";
mysqli_query($conn, $sql); //$conn is set in my header file and included into every page.
}
That is pretty much the process for creating a user and adding it to your table, obviously you'll have to break it down and change values to what you have in your table etc.
Next it's the case of verifying a login.
first, a login form:
<form method="post">
<input type="hidden" name="do" value="login" />
<div class="form-group">
<label for="usename">Username</label>
<input type="text" class="form-control" id="username" name="username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password">
</div>
<button type="submit" class="btn btn-primary">Login</button>
</form>
and then an authentication query to follow, this will take the info in the login page, hash the password you entered and then compare it with the one in your database.
if (isset($_POST['do']) && $_POST['do'] == 'login')
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT id, first_name, last_name, password FROM members WHERE username= '$username'";
$query = mysqli_query($conn, $sql) or die(mysqli_error($conn));
if($query->num_rows == 0)
{
echo "Username or password incorrect";
}else{
$data = mysqli_fetch_array($query);
if(!password_verify($password, $data['password']))
{
echo "Username or password incorrect";
}else{
session_regenerate_id();
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $_POST['username'];
$_SESSION['member_id'] = $data['id'];
$_SESSION['first_name'] = $data['first_name'];
$_SESSION['last_name'] = $data['last_name'];
}
}
}
}
?>
don't be scared about the $_SESSION variables at the bottom, i just set all user data as that so it's easier to access it on other pages, then i just follow with a header to my index.php page. In my header i also check to see that $_SESSION['loggedin'] is set to true and if not it redirects them to the login page (also be care to take into account the user might be on the login page, you dont want a redirect error)
This is my first detailed answer on this site so i hope it helps you :)
Hi I am trying to make a registration form that sends input data to phpmyadmin's database I created. I think I mixed up MySQLI and MySQL any suggestions on how to fix would be great!! I just dont understand why my data is not being sent over to the database on phpmyadmin.
PHP:
// connect to database
$db = mysqli_connect("127.0.0.1", "root", "", "user logins");
if (isset($_POST['register_btn'])) {
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$emailAddress = mysql_real_escape_string($_POST['emailAddress']);
$password = mysql_real_escape_string($_POST['password']);
$password2 - mysql_real_escape_string($_POST['password2']);
}
if ($password == $password2) {
// create user
$password = md5($password); //hash password before storing for security
$sql = "INSERT INTO user logins(firstName, lastName, emailAddress, password) VALUES('$firstName', '$lastName' '$emailAddress', '$password')";
mysqli_query($db, $sql);
$_SESSION['message'] = "You are now logged in";
$_SESSION['username'] = $username;
header('location: homepage.html'); //redirect to homepage
} else {
$_SESSION['message'] = "The two passwords do not match";
}
?>
HTML:
<link rel="stylesheet" type="text/css" href="custom.css">
<body class="background">
<div>
<h1 class="header1">Sign in Below</h1>
</div>
<div>
<form action="connect.php" method="post">
<div>
<label for="firstName">First Name:</label>
<input type="text" name="first_name" id="firstName">
</div>
<div>
<label for="lastName">Last Name:</label>
<input type="text" name="last_name" id="lastName">
</div>
<div>
<label for="emailAddress">Email Address:</label>
<input type="email" name="email" id="emailAddress">
</div>
<div>
<label for="password">Password:</label>
<input type="password" name="password" id="password">
</div>
<div>
<label for="password2">Repeat Password:</label>
<input type="password" name="password2" id="password2">
</div>
<input type="submit" name="register_btn" value="register">
</form>
</div>
</body>
Have you put in a password?
Is your database on your local machine?
Is your database table called user logins (with a space)
Is root your login?
Is your PHP file called connect.php?
Any error messages?
What happens when you click the form button
Sorry just a few things that crossed my mind that might help determine the problem.
You may just need to remove the following curly bracket
$password2 - mysql_real_escape_string($_POST['password2']);
}
and add it at the end of you file so it runs with your isset() function
$_SESSION['message'] = "The two passwords do not match";
}
}
?>
I don't think "user logins" is a valid table name. Change it to "user_logins", or at the very least, use the quote ` around the table name.
INSERT INTO `user logins`(
OR
INSERT INTO user_logins(
Second one you have to rename the table in phpmyadmin. As a general rule, you want to quote table names no matter what. Because sometimes your table name is a MySQL-reserved keyword. It's just good practice.
Also, the 4th parameter in mysqli_connect is database name. So is your database named "user logins"? Don't confuse table name with database name.
solved:(a small mistake)
this line is not a assignment :
$password2 - mysql_real_escape_string($_POST['password2']);
to
$password2 = mysql_real_escape_string($_POST['password2']);
( - ) must be converted to (=)
I have 2 problems.
Basic story: I have created a SIMPLE registration and login system.
Problem1: If I try to register a new account then it says "user registration failed". At the moment it should say that because mysql can't get right information from forms. But problem is that I don't know why. Everything seems correct...
Problem2: If I try to login with existent account then it seems that browser is only refreshing the page and nothing else...
Registration with php code:
<?php
require ('insert.php');
// If values posted, insert into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
// nimi refers to name, it's correct
$query = "INSERT INTO `user` (nimi, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
//POST retrieves the data.
$result = mysqli_query($connection, $query);
if($result){
$smsg = "User Created Successfully.";
} else {
$fmsg = "User Registration Failed";
}
}
mysqli_close($connection);
?>
<html>
...
<body>
...
<div>
<form method="POST" class="form-horizontal" role="form">
<!-- Status, how registering went -->
<?php if(isset($smsg)){ ?><div class="alert alert-success" role="alert"> <?php echo $smsg; ?> </div><?php } ?>
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>
<!-- Registration form starts -->
<h2>Form</h2><br>
<label for="Name"></label>
<input name="name" type="text" id="name" maxlength="40" placeholder="Ees- ja perenimi" class="form-control" autofocus> <!-- lopp -->
<label for="email"></label>
<input name="email" type="email" id="email" maxlength="65" placeholder="Email" class="form-control"> <!-- lopp -->
<label for="Username"></label>
<input name="username" type="text" id="userName" maxlength="12" placeholder="Kasutajatunnus/kasutajanimi" class="form-control" required> <!-- lopp -->
<label for="Password"></label>
<input name="password" type="password" id="password" maxlength="12" placeholder="Parool" class="form-control" required>
<button type="submit" class="btn btn-primary btn-block">Join</button>
</form> <!-- /form -->
</div> <!-- ./container -->
...
</body>
</html>
Login:
<?php
session_start();
require ('insert.php');
//Is username and password typed?
if (isset($_POST['username']) and isset($_POST['password'])){
//Making vars from inputs
$username = $_POST['username'];
$password = $_POST['password'];
//Checking existent of values.
$query = "SELECT * FROM `liikmed`
WHERE username='$username'
and password='$password'";
$result = mysqli_query($connection, $query)
or die(mysqli_error($connection));
$count = mysqli_num_rows($result);
//3.1.2 If values equal, create session.
if ($count == 1){
$_SESSION['username'] = $username;
} else {
//If credentials doesn't match.
$fmsg = "Invalid Login Credentials.";
}
}
//if user logged in, welcome with message
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hai " . $username . "";
echo "This is the Members Area";
echo "<a href='logout.php'>Logout</a>";
}else{}
?>
<html>
...
<body>
...
<div id="bg"></div>
<form method="POST" class="form-horizontal">
<h2>Login</h2><br>
<label for="User"></label>
<input name="username" type="text" maxlength="15" placeholder="Username" class="form-control" required autofocus>
<label for="Password"></label>
<input name="password" type="password" maxlength="50" placeholder="Password" class="form-control" required autofocus>
<button type="submit" class="btn btn-primary btn-block">Enter</button>
</form>
</div>
...
</body>
</html>
And finally php database connection file (called insert.php):
<?php
$connection=mysqli_connect("localhost","root","pw");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, 'my_database');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
?>
First of all in your login PHP code, you only started a session but you didn't tell the from where to direct to if login is successful. Add a header to the code. That is;
if ($count == 1){
$_SESSION['username'] = $username;
header("Location: page.php"); //the page you want it to go to
}
And your registration PHP code looks ok. Check your database table if you've misspelt anything there.
Your logic to set the $_SESSION['username'] requires that the username and password combination exists once in your database.
This might sound silly but can you confirm that this is the case (i.e. confirm that you have not created the same username and password combination).
Altering the logic to be > 1 would also get around this temporarily. So your code
if ($count == 1){
$_SESSION['username'] = $username;
}
should become
if ($count > 1){
$_SESSION['username'] = $username;
}
I am trying to create a user registration form using php and mysql. When I try to hit the submit button no new record is added to my database. The database is functional and has worked with other forms.
HTML/FORM
<?php
include 'header.php';
?>
<section>
<div class="form">
<form action="signup.php" method="post">
<h1> Sign Up!</h1>
<p>First name:
<input type="text" name="fName" maxlength="15" required pattern="^[a-zA-Z]{3,20}$" placeholder="Enter Name" />
</p>
<p>Last name:
<input type="text" name="lName" maxlength="15" pattern="^[a-zA-Z]{3,20}$" required placeholder="Enter Last Name" />
</p>
<p>Email:
<input type="email" name="email" maxlength="40" required placeholder="Enter Email" />
</p>
<p>Username:
<input type="text" name="username" maxlength="20" ^[A-Za-z0-9_]{1,15}$ required placeholder="Enter Username" />
</p>
<p>Password:
<input type="password" name="password" maxlength="20" pattern="(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" required placeholder="Enter Password" />
</p>
<p>Re-type Password:
<input type="password" name="password2" maxlength="20" pattern="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$" required placeholder="Re-type Password" />
</p>
<p>
<button type="submit" name="signupbutton"> Sign up </button>
</p>
</form>
</div>
</section>
<div class="footerspecial">
<?php
include 'footer.php';
?>
</div>
PHP/SQL
<?php
//have they submitted at least once?
if(isset($POST['$password2'])){
$fName = $_POST['fName'];
$lName = $_POST['lName'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
//do the passwords NOT match?
if ($password !== $password2) {//do string comparison here
echo'<h2>Error: passwrods don\'t match!</h2>';
require ('registerform.php');
}
else {
//does the username already exist?
$sql = mysql_query("SELECT * FROM users WHERE username=='$username'");
if ($results=$con->query($sql)){
echo'<h2>Error: username is already taken</h2>';
require ('registerform.php');
}
else {
$sql = mysql_query("SELECT * FROM users WHERE email=='$email'");
if ($results=$con->query($sql)){
echo'<h2>Error: email already used</h2>';
require ('registerform.php');
}
else {
// If the values are posted, insert them into the database.
$sql= "INSERT INTO users (fName, lName, email, username, password, password2) VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
if (!$con->query($sql)){
echo 'Error: coulndt do suff';
}
else {
echo 'Account made';
}//ENDS SUCCESSFUL INSURT
}//ENDS EMAIL VALIDATION
}//ENDS THE USERNAME VALIDATION
}//END PASSWORD VALIDATION
}
?>
Picture of the form don't really know if its helpful but ya'know
https://gyazo.com/418b86ecb5090604a1f229e1e94fe3bf
I'm guessing here that your database doesn't have a password2 column (seems kind of pointless to have) so trying to insert into it will give an error.
You should read about MySQLi error reporting
Also add error_reporting(-1); at the start of your PHP file to show PHP errors.
P.S. your code is vulnerable to SQL injection, you should use prepared statements to be safe from this.
Could have multiple problems first you do not have the single quotes around $password2. This could be leading to a failed insert.
VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
Also I would echo the sql errors out as you are not doing. you can do this easily. Test the if statement for a true not a false
if ($con->query($sql)){
//if true then runs your code;
}
else {
echo "Error: " . $sql . "<br>" . $con->error; // This will echo out any sql errors you may have
}
I have the tables users and register in my database. I've created a login page which starts a session using the users table, then people fill out a form to insert data into the register table. I've used the following code to insert the data. My code doesn't have errors but the thing is it is not inserted to my table. Please help me. Thanks.
<?php
include("includes/db.php");
session_start();
if(!isset($_SESSION['user_name'])){
header("location: login.php");
}
else { ?>
<html>
<body>
<h2>New users Signup!</h2>
<form action="login.php" method="post">
<input type="text" name = "firstname" placeholder="Firstname"/>
<input type="text" name = "lastname" placeholder="Lastname"/>
<input type="text" name = "address" placeholder="Address"/>
<input type="text" name = "contact" placeholder="Contact"/>
<input type="text" name = "email" placeholder="Email Address"/>
<input type="password" name = "password" placeholder="Password"/>
<div class = "bttn">
<button type="submit" name = "submit" class="btn btn-default">Signup</button>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
$users_firstname = $_POST['firstname'];
$users_lastname = $_POST['lastname'];
$users_address = $_POST['address'];
$users_contact = $_POST['contact'];
$users_email = $_POST['email'];
$users_password = $_POST['password'];
$users_date = date('Y-m-d');
if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
{
echo "<script>alert('Any of the fields is empty')</script>";
exit();
} else {
$insert_query = mysql_query("insert into users (users_firstname,users_lastname,users_address,users_contact,users_email,users_password,users_date) values ('$users_firstname','$users_lastname','$users_address','$users_contact','$users_email','$users_password','$users_date')");
$users_id=mysql_insert_id();
if(mysql_query($insert_query)) {
echo "<script>alert('post published successfuly')</script>";
}
}
}
} ?>
Now try this code:
<?php
include("includes/db.php");
session_start();
if(!isset($_SESSION['user_name'])){
header("location: login.php");
}
else {
?>
<html>
<body>
<?php
if(isset($_POST['submit']))
{
$users_firstname = $_POST['firstname'];
$users_lastname = $_POST['lastname'];
$users_address = $_POST['address'];
$users_contact = $_POST['contact'];
$users_email = $_POST['email'];
$users_password = $_POST['password'];
$users_date = date('Y-m-d');
if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
{
echo "<script>alert('Any of the fields is empty')</script>";
exit();
}
else
{
$insert_query = mysql_query("INSERT INTO `users` (users_firstname, users_lastname, users_address, users_contact, users_email, users_password, users_date) values ('$users_firstname', '$users_lastname', '$users_address', '$users_contact', '$users_email', '$users_password', '$users_date')");
$users_id=mysql_insert_id();
echo "<script>alert('post published successfuly')</script>";
}
}
?>
<h2>New users Signup!</h2>
<form action="" method="post">
<input type="text" name="firstname" placeholder="Firstname"/>
<input type="text" name="lastname" placeholder="Lastname"/>
<input type="text" name="address" placeholder="Address"/>
<input type="text" name="contact" placeholder="Contact"/>
<input type="text" name="email" placeholder="Email Address"/>
<input type="password" name="password" placeholder="Password"/>
<div class="bttn">
<button type="submit" name="submit" class="btn btn-default">Signup</button>
</div>
</form>
</body>
</html>
<?php } ?>
I have:
Repositioned your PHP code for inserting to be at the top of the form
changed <form action="login.php" to <form action="" because we are executing from the same page
Your query has already run so removed the if(mysql_query...
Removed the spaces in the form e.g. name = " nameofform" to name="nameofform"
I don't see any reason for having this $users_id=mysql_insert_id();, YOu should use auto-increment for the userID on your database
But since we don't know how you have connected to your database, because also that can be an issue: you can also try this way
<?php
//connect to DB
$hostname_localhost = "localhost"; //hostname if it is not localhost
$database_localhost = "databasename";
$username_localhost = "root"; //the username if it is not root
$password_localhost = "password_if_any"; //if no password leave empty
$localhost = mysql_pconnect($hostname_localhost, $username_localhost, $password_localhost) or trigger_error(mysql_error(),E_USER_ERROR);
?>
<?php
// include("includes/db.php");
if (!isset($_SESSION)) {
session_start();
}
if(!isset($_SESSION['user_name'])){
header("location: login.php");
}
else {
?>
<html>
<body>
<?php
if(isset($_POST['submit']))
{
$users_firstname = $_POST['firstname'];
$users_lastname = $_POST['lastname'];
$users_address = $_POST['address'];
$users_contact = $_POST['contact'];
$users_email = $_POST['email'];
$users_password = $_POST['password'];
$users_date = date('Y-m-d');
if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
{
echo "<script>alert('Any of the fields is empty')</script>";
exit();
}
else
{
$insert_query = sprintf("INSERT INTO `users` (users_firstname, users_lastname, users_address, users_contact, users_email, users_password, users_date) values ('$users_firstname', '$users_lastname', '$users_address', '$users_contact', '$users_email', '$users_password', '$users_date')");
mysql_select_db($database_localhost, $localhost);
$Result = mysql_query($insert_query, $localhost) or die(mysql_error());
echo "<script>alert('post published successfuly')</script>";
}
}
?>
<h2>New users Signup!</h2>
<form action="" method="post">
<input type="text" name="firstname" placeholder="Firstname"/>
<input type="text" name="lastname" placeholder="Lastname"/>
<input type="text" name="address" placeholder="Address"/>
<input type="text" name="contact" placeholder="Contact"/>
<input type="text" name="email" placeholder="Email Address"/>
<input type="password" name="password" placeholder="Password"/>
<div class = "bttn">
<button type="submit" name="submit" class="btn btn-default">Signup</button>
</div>
</form>
</body>
</html>
<?php } ?>
You should removed the whitespaces in your html-code:
Wrong
<input type="text" name = "firstname" placeholder="Firstname"/>
^^^^^
Correct
<input type="text" name="firstname" placeholder="Firstname"/>
Do not put the variables in single quotes:
$insert_query = mysql_query("INSERT INTO users
(users_firstname,users_lastname,users_address,users_contact,users_email,users_password,users_date)
VALUES
($users_firstname,$users_lastname,$users_address,$users_contact,$users_email,$users_password,$users_date)");
Update: This was wrong. The whole string is in double-quotes so the OP did correct and my notice was wrong. For information-purposes i will let stand the link to the documentation here.
Note: Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.
Read more about single- and double-quotes in the PHP documentation.
Do not double-run the query/perform wrong function-call
$insert_query = mysql_query(".......");
........
if(mysql_query($insert_query)){
echo "<script>alert('post published successfuly')</script>";
}
You already have run the query in the first line. If you want to check if it was successful, you have to use if($insert_query) {}. The call mysql_query($insert_query) is wrong because mysql_query() returns a ressource instead of the sql-query.
Do not use mysql_*() function calls. You mysqli_*() instead.
Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_query()
PDO::query()
Check your use of session.
You are checking the $_SESSION for user_name and if it is not set, you are redirecting via header("location: login.php").
The problem is, that you are never inserting the user_name into the session, so it will always be not set.
You can set the value via $_SESSION['user_name'] = $_POST['user_name']. Have in mind that you have to set the session before checking the session-value. ;-)
remove action
Try this
<form action="" method="post">