I'm posting from a form in html to PHP.
I have connect.php which successfully connects to the database:
<?php
$db = mysqli_connect('localhost','adam','password','easyfix', '3306');
if(mysqli_connect_errno()){
echo "Failed to connect to MYSQL: " . mysqli_connect_error();
}
?>
I then have register.php where I want to insert those variables from the HTML form.
<?php
require 'connect.php';
$username = $_POST["Username"];
$email = $_POST["Email"];
$password = $_POST["Password"];
$cpassword = $_POST["Cpassword"];
//echo $username;
//echo $email;
//echo $password;
//echo $cpassword;
mysqli_query($db,"INSERT INTO users (username, email, password)
VALUES ('". $username ."', '". $email ."', '". $password ."')");
or die(mysqli_error($db));
$mysqli->close($db);
?>
I've used the echos to make sure the data was actually posted, it has. When I comment out the mysqli_query, the echos are displayed. When I leave the code as is, the echos are not displayed and I only get a white page with nothing inserted to the database.
I know I should use prepared statements, however I wish to just get the data inserted before I look into that.
I've checked out a few similar answers on here but have not found one to work. Previously my variables were not concatenated, I thought that would fix the issue but nope.
Here is the form:
<form action="../php/registration.php" method="POST" name="Login_Form" class="form-signin" >
<h3 class="form-signin-heading">Register for an account!</h3>
<hr class="colorgraph">
<br>
<h4> Username:</h4>
<input type="text" class="form-control" name="Username" placeholder="Username" required="" autofocus="" />
</br>
<h4> Email:</h4>
<input type="text" class="form-control" name="Email" placeholder="Email" required="" autofocus="" />
</br>
<h4> Password:</h4>
<input type="password" class="form-control" name="Password" placeholder="Password" required=""/>
</br>
<h4> Re-enter password</h4>
<input type="password" class="form-control" name="Cpassword" placeholder="Password" required=""/>
</br>
<div class="btn-toobar">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</form>
password is a mysql reserved word and therefore should be used with backticks `:
INSERT INTO users (username, email, `password`) ....
Related
I have a project and in this project, I mast to use the registers. I try to write many user registers but isn't show in the databases. I don't know what is the problem. Please, can you help me?
This is one of them:
form.php
<?php
session_start();
$_SESSION['massage'] = " ";
?>
<html>
<head>
</head>
<body>
<div class="module">
<fieldset>
<legend>Create an account:</legend>
<form class="flp" mathod ="POST" action="Register.php" enctype="multipart/form-data">
<div>
<input type="text" placeholder="User Name" name="username" required />
</div>
<div>
<input type="email" placeholder="Email" name="email" required />
</div>
<div>
<input type="password" placeholder="Password" name="password" required />
</div>
<div>
<input type="password" placeholder="Confrim Password" name="confrimpassword" required />
</div>
<center>
<input type="submit" name="Register" value="Go"/>
</center>
<div>
<?php echo $_SESSION['massage']; ?>
</div>
</fomr>
</fieldset>
</div>
</body>
</html>
Register.php
<?php
session_start();
$_SESSION['massage'] = " ";
//connect to database
$mysqli = new mysqli("localhost", "root", "", "accounts");
if (isset($_POST['Register'])){//to check the button
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['confrimpassword']);
if($password == $password2){
//Create User
$password = md5($_POST['password']);//hash password before storing for security purposes
$sql = "INSERT INTO account (UserName, Email, PassWord) VALUES ('$username', '$email', '$password')";
mysql_query($mysqli, $sql);
}
else
{
$_SESSION['massage'] = "There error!";
}
mysql_close($mysqli);
}
?>
I have created a HTML form which will need to insert the data that was entered into the form straight into a table in mySQL.
newuser.php file
<?php
//including the connection page
include('./DB_Connect.php');
//get an instance
$db = new Connection();
//connect to database
$db->connect();
//fetch username and password
$usertype = $_POST['userType'];
$firstname = $_POST['firstName'];
$lastname = $_POST['lastName'];
$username = $_POST['userName'];
$password = $_POST['password'];
$address1 = $_POST['add1'];
$address2 = $_POST['add2'];
//write the sql statement
$query = "INSERT INTO USERS (usertype, fname, lname, username, password, add1, add2)
VALUES ('$usertype', '$firstname', '$lastname', '$username', '$password', '$address1', '$address2')";
mysql_query($query,$db);
if (($query) == TRUE) {
echo "New record created successfully";
header("Location: login.php", true);
exit();
}
else
{
echo "Error: " . $sql . "<br>" . $conn->error;
header("Location: register.php", true);
exit();
}
//close once finished to free up resources
$db->close();
?>
With the following html form:
<form action="newuser.php" method="POST" class="form" id="registerForm">
<label> Type of user: </label> <br>
<input type="radio" name="userType" id="itemSeeker">Item Seeker </input>
<input type="radio" name="userType" id="itemDonor">Item Donor </input>
<input type="radio" name="userType" id="peopleSeeker">People Seeker </input>
<input type="radio" name="userType" id="peopleDonor">People Donor </input>
<br>
<br>
<div class="form-inline">
<div class="form-group">
<input type="text" name="firstName" placeholder="First Name: " align="center" class="form-control" ></input>
</div>
<div class="form-group">
<input type="text" name="lastName" placeholder="Last Name: " align="center" class="form-control" ></input>
</div>
</div>
<br>
<input type="text" name="email" placeholder="Email Address: "align="center" class="form-control" ></input>
<br>
<div class="form-inline">
<div class="form-group">
<input type="text" name="userName" placeholder="Username: " align="center" class="form-control" ></input>
</div>
<div class="form-group">
<input type="password" name="password" placeholder="Password: " align="center" class="form-control" ></input>
</div>
</div>
<br>
<!-- <label> Address 1: </label>-->
<input type="text" name="add1" placeholder="Address 1: " align="center" class="form-control" ></input>
<!-- <label> Address 2: </label>-->
<input type="text" name="add2" placeholder="Address 2: " align="center" class="form-control" ></input>
<br>
<button class="btn btn-primary" name="submitReg" type="submit">Submit</button><br>
<br>
<a href="login.php" >Already have an account?</a>
</form>
The USERS table
The above two blocks of code and the code that I'm working with.
My problem here is, when the form is submitted, the data isn't actually being entered into the table. Note that the first ever submission actually did work. All submissions after the first one don't seem to be entering anything into the database.
I'm not quite sure what's wrong with my code for it to not work. It does go to the 'login.php' page which means there aren't any faults and the query submitted correctly.
Could someone please tell me what I'm doing wrong, thank you.
right now you have alot more trouble than your insert problem. your code is totaly insecure. (mysql injections).
Dont use mysql_* functions use pdo instead with prepared statements!
you output spaces before you send a header you cant send header if you have output. your redirect wouldnt work. dont relay on a clientside redirect use may have it disabled so output a link where you want the user to go.
anotherthing your radio buttons have no value check html syntax
var_dump($_POST) and check if you submit everything. also check for isset or empty befor assign variables. do some sort of validation.
have a look at some php frameworks they provide much more flexibility and error checking
dont reinvent the wheel by writing everthing by your own in a 10 or more year behind procedural way
So I am working on this under construction page for my own small business's website. I want to have an email field so that users write their email so that i can later tell them when the page is finished. But I am having trouble with the database. Apparently the connection is established but the data is not being written to the table in the DB. This is my php code, it is embedded on the top of my index.html:
<?php require 'connections/connections.php'; ?>
<?php
if(isset($_POST['submit'])) {
$Fname = $_POST['first_name'];
$Lname = $_POST['last_name'];
$Email = $_POST['email'];
$sql = $con->query("INSER INTO subscriptions (Fname, Lname, Email)Values('{$Fname}', '{$Lname}', '{$Email}')");
header ('Location: confirm.html');
}
?>
This is my connections.php file, required by the above code:
<?php
$con = mysqli_connect("localhost", "webmaster_velez", "Cristianpromw3", "nexus_subscriptions");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
This is the HTML that the user interacts with to send their email address:
<div id="subscribe">
<form id="SubscriptionForm" name="RegisterForm" method="post">
<div class="FormElement">
<input name="first_name" type="text" required="required" class="TField" id="first_name" form="SubscriptionForm" placeholder="First Name">
</div>
<div class="FormElement">
<input name="last_name" type="text" required="required" class="TField" id="last_name" form="SubscriptionForm" placeholder="Last Name">
</div>
<div class="FormElement">
<input name="email" type="email" required="required" class="TField" id="email" form="SubscriptionForm" placeholder="Email">
</div>
<div class="FormElement">
<input name="submit" type="submit" class="button" id="submit" form="SubscriptionForm" value="Submit">
</div>
</form>
</div>
Any help, corrections, and/or advice on this would be much appreciated and accepted. Thanks in advance.
PS. I am new to PHP and database/server dynamics.
From reading the code you've written, I would assume that the main problem you are facing is this typo - "INSER INTO" should be "INSERT INTO".
You'll also need to implement some try error blocks to catch if any errors are happening and protect yourself from SQL vulnerabilities/injections.
So I'm creating a login section. However, I'm not sure if it actually logs the user in. I have a table with UserID (A_I), email, password and all the usual stuff. So when I log in, I'm trying to fetch and echo the UserID on the account page, just to show that the user is logged in, but still haven't got any success with it.
Login form:
<form method="post" action="">
<div class="FormElement">
<input name="email" type="text" required="required" class="TField" placeholder="Email">
</div>
<div class="FormElement">
<input type="Password" required="required" class="TField" placeholder="Password">
</div>
<div class="FormElement">
<input name="LogIn" type="submit" class="button" value="LogIn">
</div>
</form>
Login php script:
<?php require 'Connections/Connections.php'; ?>
<?php
if (isset($_POST['LogIn'])){
$EM = $_POST['email'];
$PW = $_POST['password'];
$result = $con->query("select * from user where Email='$EM' AND Password='$PW'");
$row = $result->fetch_array(MYSQLI_BOTH);
session_start();
$_SESSION["UserID"] = $row['UserID'];
header('Location: Account.php');
}
?>
As you can see in the script, we're heading to Account.php, where I am basically trying to:
<?php echo $_SESSION["UserID"]; ?>
However, no UserID is being echo'ed. No errors, notices or warnings.
The Connections.php ($con) is just a normal connection to the MYSQLI table, and it connects just fine.
Pretty new around here and any help is appreciated!
Thanks in advance.
You have to add the atribute name for your password field. Also it's good to use prepared statements and PDO. Finally, when you redirect your page add the exit method Why I have to call 'exit' after redirection through header('Location..') in PHP?.
<form method="post" action="youraction.php">
<div class="FormElement">
<input name="email" type="text" required="required" class="TField" placeholder="Email">
</div>
<div class="FormElement">
<input name="password" type="Password" required="required" class="TField" placeholder="Password">
</div>
<div class="FormElement">
<input name="LogIn" type="submit" class="button" value="LogIn">
</div>
</form>
<?php
if (isset($_POST['LogIn'])) {
session_start();
try {
//Make your connection handler to your database
$conn = new PDO("mysql:host=".$servername.";dbname=".$database, $username, $password, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING));
$sql = "SELECT * FROM user WHERE Email = :email AND Password = :password";
$stmt = $conn->prepare($sql);
//Execute the query
$stmt->execute(array(':email'=>$email, ':password'=>$password));
$row = $stmt->fetch();
if (count($row) > 0) {
$_SESSION["UserID"] = $row['UserID'];
header('Location: Account.php');
exit();
}
} catch(PDOException $e) {
echo $e->getMessage();
die();
}
}
?>
You are missing name field in your password input, it should be:
<input name="password" type="Password" required="required" class="TField" placeholder="Password" />
Also don't forget to close all your input tags so they end with />
As the side, do not just pass strings from $_POST array straight to the query, you can be comprisimed by SQL injection. Use something like: quote() http://php.net/manual/en/pdo.quote.php
Add name attribute to password input.
<form method="post" action="">
<div class="FormElement">
<input name="email" type="text" required="required" class="TField" placeholder="Email">
</div>
<div class="FormElement">
<input type="Password" required="required" name="password" class="TField" placeholder="Password">
</div>
<div class="FormElement">
<input name="LogIn" type="submit" class="button" value="LogIn">
</div>
</form>
As you have not provided name it always return undefined index. And it will not match with the password in DB.
Oops you missed name="password" in input form also use single php tags for easy understanding
require_once ('Connections/Connections.php');
if (isset($_POST['LogIn'])) {
$EM = $_POST['email'];
$PW = $_POST['password'];
$result = $con->query("select * from user where Email='$EM' AND Password='$PW'");
$row = $result->fetch_array(MYSQLI_BOTH);
if (!empty($row)) {
session_start();
$_SESSION["UserID"] = $row['UserID'];
}
header('Location: Account.php');
}
I have a HTML Sign Up form that allows new users to be registered to the site.:
<form action="register.php" method="POST" class="register-form">
<h1>Create Account</h1>
<label>
<span>First Name :</span>
<input id="firstname" type="text" name="firstname" placeholder="Your First Name" autocomplete="off" required/>
</label>
<label>
<span>Surname :</span>
<input id="surname" type="text" name="surname" placeholder="Your Surname" autocomplete="off" required/>
</label>
<label>
<span>Username :</span>
<input id="username" type="text" name="username" placeholder="Your Chosen Username" autocomplete="off" required/>
</label>
<label>
<span>Email :</span>
<input id="email" type="email" name="email" placeholder="Your Email Address" autocomplete="off" required/>
</label>
<label>
<span>Password :</span>
<input id="password" type="password" name="password" placeholder="Your Chosen Password" autocomplete="off" required/>
</label>
<hr>
<input name="action" type="hidden" value="signup" />
<input type="submit" class="btn register btn-success btn-lg" name="submit" value="Register">
</form>
Which goes to register.php:
<?php
$connection = mysql_connect('localhost', 'root', 'password');
if (!$connection) {
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('gmaps1');
if (!$select_db) {
die("Database Selection Failed" . mysql_error());
}
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])) {
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO `users` (firstname, surname, username, password, email) VALUES ('$firstname', '$surname', '$username', '$password', '$email')";
$result = mysql_query($query);
if ($result) {
header("Location: thank_you.html");
} else {
echo 'User Not Created';
}
}
?>
But when I click the Register button it doesn't save the data and returns "User Not Created". Would it be better using MySQLi rather than MySQL or is there a better way for this to work??
Error checking solved my problem - "field 'active' doesn't have a default value"
There was an inactive field in the table 'Users'. I got rid of that and it works fine. It must have been added in by mistake.
You don't get a "Database Connection Failed" so you sucessfully connected with the database
Its better to use MySQLi or PDO (my choice)
At least use mysql_real_escape and maybe a trim() but thats just a starting point when it comes to security
check wether all your database fields are named exactly the way you are adressing them inside your Insert-Statement
Do a echo $query, open phpMyAdmin (for example) and copy-paste the output inside the SQL field and send -> you may get a MySQL error you can analyse
It's better to store passwords hashed. Try inserting MD5($password) (there are way better options!) and on login do compare:
if(MD5($inputPassword) == $passwordhashFromDatabase){}