I try to make registration form using PDO.I got next form:
<form name="registration" action="registration.php" method="POST">
<label for 'username'>Username: </label>
<input type="text" name="userName"/>
<label for 'password'>Password: </label>
<input type="password" name="pass"/>
<label for 'first_name'>First name: </label>
<input type="text" name="fullName"/>
<label for 'email'>Email: </label>
<input type="text" name="email"/>
<br/>
<button type="submit">Submit</button>
</form>
And I got registration.php file to connect database and insert values:
<?php
$user = 'root';
$pass = '8169x5it';
$db = new PDO( 'mysql:host=localhost;dbname=reg_form', $user, $pass );
$form = $_POST;
$usernName = $form[ 'userName' ];
$pass = $form[ 'pass' ];
$fullName = $form[ 'fullName' ];
$email = $form[ 'email' ];
$sql = "INSERT INTO WebsiteUsers ( userName, pass, fullName, email ) VALUES ( :userName, :pass, :fullName, :email )";
$query = $db->prepare( $sql );
$query->execute( array( ':userName'=>$userName, ':pass'=>$pass, ':fullName'=>$fullName, ':email'=>$email ) );
?>
So, the problem is when I put some in fileds and press Submit button my data NOT insert to database. Please help me, I'm new in PDO and mysql and I can't understand what's wrong. Thanks in advance!
Check for errors
Remove unnecessary variables
Check if post variables are set with isset()
try{
$user = 'root';
$pass = '8169x5it';
$db = new PDO( 'mysql:host=localhost;dbname=reg_form', $user, $pass );
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO WebsiteUsers ( userName, pass, fullName, email )
VALUES ( :userName, :pass, :fullName, :email )";
if($query = $db->prepare($sql)){
$query->bindValue(':userName', $_POST['userName']);
$query->bindValue(':pass', $_POST['pass']);
$query->bindValue(':fullName', $_POST['fullName']);
$query->bindValue(':email', $_POST['email']);
if($query->execute()){
echo 'execute() success ';
echo 'affected rows = '.$stmt->rowCount();
}else{
echo 'execute() failed';
}
}else{
echo 'prepare() failed';
}
}catch(PDOException $e) {
// Print PDOException message
echo $e->getMessage();
}
Related
This is my HTML file:
<div class="form">
<form action="register.php" method="POST" class="register-form">
<input type="text" placeholder="Username" name="username" required/>
<input type="password" placeholder="Password" name="password" required/>
<input type="text" placeholder="Email" name="email" required/>
<button type="submit">Create</button>
<p class="message"> Already Registered? Login
</p>
</form>
<form action="login.php" method="POST" class="login-form">
<input type="text" placeholder="Username" name="username" required/>
<input type="password" placeholder="Password" name="password" required/>
<button type="submit">login</button>
<p class="message">Not Registered? Register</p>
</form>
This is my PHP file:
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
if (!empty($username) || !empty($password) || !empty($email)) {
$serverName = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbname = "account";
//create connection
$conn = new MySQLI($serverName,$dbUsername,$dbPassword,$dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
} else {
$SELECT = "SELECT email From users Where email = ? Limit 1";
$INSERT = "INSERT Into users (username, password, email) values(?, ?, ?)";
//Prepare statement
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$stmt->store_result();
$stmt->store_result();
$stmt->fetch();
$rnum = $stmt->num_rows;
if ($rnum==0) {
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("sss", $username, $password, $email);
$stmt->execute();
echo "New record inserted sucessfully";
} else {
echo "Someone already register using this email";
}
$stmt->close();
$conn->close();
}
} else {
echo "All field are required";
die();
}
I have a database called account, with a table called users, columns called id, email, username & password. The ID is an INT, and selected as primary. And the rest is set as VARCHAR.
When I enter some names in the form, and press signup, it's giving me the result "New record inserted successfully", so I have no idea, why this doesn't work.
Your problem is the way you use mysqli. As I have said in the comments mysqli is not suitable for beginners, the API is very cumbersome.
Look at the lines before your INSERT statement. You perform a SELECT statement, presumably to check if the email has been used before and then you bind the result variable. The variable is called $email. You overwrite your user input with the result from SELECT. But this is not the right way.
The simple solution would be to name the variable something else, but the right answer is that you should fetch a count from the SQL not the value. See adjusted code below:
<?php
$username = filter_input(INPUT_POST, 'username');
$password = filter_input(INPUT_POST, 'password');
$email = filter_input(INPUT_POST, 'email');
if ($username && $password && $email) {
$serverName = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbname = "account";
//create connection
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new MySQLI($serverName, $dbUsername, $dbPassword, $dbname);
$conn->set_charset('utf8mb4'); // always set the charset
//Prepare statement
$stmt = $conn->prepare("SELECT COUNT(email) From users Where email = ? Limit 1");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($exists); // we fetch the count
$stmt->fetch();
if (!$exists) {
$stmt = $conn->prepare("INSERT Into users (username, password, email) values(?, ?, ?)");
// Don't forget to hash the password and never store the real password anywhere
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt->bind_param("sss", $username, $hash, $email);
$stmt->execute();
echo "New record inserted sucessfully";
} else {
echo "Someone already register using this email";
}
} else {
echo "All field are required";
}
I remove the unnecessary code and removed the store_result() and num_rows. They are not helpful in this situation. Instead fetch a count of matching rows and check if the count is not 0 with if(!$exists)
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 3 years ago.
I'm trying to process some HTML form data into a MySQL database using some PHP, but this is my first foray into webdev and I think I'm in over my head. The form is POSTed to the formSubmit.php file, which turns them into the variables that the sql command then queries. I've tried changing round the variable layout, but it still won't send for some reason.
The HTML form:
<form class="middleForm" name="pizzaGuest" action="formSubmit.php" method="POST">
<fieldset>
<legend>Guest details</legend>
First name:<br>
<input type="text" name="firstName" required><br>
Last name:<br>
<input type="text" name="lastName" required><br>
Email address:<br>
<input type="email" name="email" required><br>
Party date:<br>
<input type="date" name="date" required><br>
Diet:<br>
<select name="diet">
<option value="omnivore" selected>Omnivore</option>
<option value="pescatarian">Pescatarian</option>
<option value="vegetarian">Vegetarian</option>
<option value="vegan">Vegan</option>
</select><br>
Dairy free?<br>
<input type="checkbox" name="dairyFree"><br>
Toppings:<br>
<input type="text" name="toppings"><br>
Allergies:<br>
<input type="text" name="allergies"><br>
<input type="submit" value="Submit">
</fieldset>
</form>
formSubmit.php:
<?php
$servername = "localhost";
$username = "partyForm";
$password = "████████████";
$dbname = "pizza";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$FirstName = $_POST["firstName"];
$LastName = $_POST["lastName"];
$Diet = $_POST["diet"];
$Allergies = $_POST["allergies"];
$Email = $_POST["email"];
$DairyFree = $_POST["dairyFree"];
$sql = "REPLACE INTO guests (FirstName, LastName, Diet, Allergies, Email, DairyFree) VALUES ($FirstName, $LastName, $Diet, $Allergies, $Email, $DairyFree);";
mysql_query($sql)
mysqli_close($conn);
?>
You might try using prepared statements instead as they proect against sql injection and avoid the need to add quotes as your sql omits.
<?php
$servername = "localhost";
$username = "partyForm";
$password = "xxx";
$dbname = "pizza";
$conn = new mysqli( $servername, $username, $password, $dbname );
if( !$conn ) die("Connection failed");
$sql = "replace into guests ( `firstname`, `lastname`, `diet`, `allergies`, `email`, `dairyfree` ) values (?,?,?,?,?,?);";
$stmt=$conn->prepare($sql);
$stmt->bind_param('ssssss',$_POST["firstName"], $_POST["lastName"], $_POST["diet"], $_POST["allergies"], $_POST["email"], $_POST["dairyFree"] );
$stmt->execute();
$stmt->close();
$conn->close();
?>
For a best usage and confort, check the PDO driver for MySQL instead of mysql. With this method, you can perform prepared statements easily.
The connection with this driver will be:
$dbh = null;
try {
$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
} catch (PDOException $e) {
print "Erreur !: " . $e->getMessage() . "<br/>";
die();
}
$stmt = $dbh->prepare("REPLACE INTO guests (FirstName, LastName, Diet, Allergies, Email, DairyFree) VALUES (:FirstName, :LastName, :Diet, :Allergies, :Email, :DairyFree);");
$stmt->bindParam(':FirstName', $FirstName);
$stmt->bindParam(':LastName', $LastName);
$stmt->bindParam(':Diet', $Diet);
$stmt->bindParam(':Allergies', $Allergies);
$stmt->bindParam(':Email', $Email);
$stmt->bindParam(':DairyFree', $DairyFree);
$stmt->execute();
// Close the connection at the end of your queries
$dbh->close();
$dbh = null;
This the best approach to secure your code and minimize the risk go SQL injections.
I have this PHP that basically is being used for inserting an email and password into an SQL database:
<?php
error_reporting(E_ALL ^ E_STRICT);
require "database.php";
$message = '';
if (!empty($_POST["email"]) &&!empty($_POST["password"])):
//Enter the new user in the database
$sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":email", $_POST['email']);
$stmt->bindParam(":password", password_hash($_POST['password'], PASSWORD_BCRYPT));
if ($stmt->execute() ):
$message = 'Successfully created a new user';
else:
$message = 'Sorry there must have been an issue whilst registering';
endif;
endif;
?>
Here is the form:
<div class="jumbotron" id="jumbotron-6">
<div class="container text-center">
<?php if (!empty($message)):
?>
<h3 id="h3message"><?= $message ?> </h3>
<?php endif; ?>
<form action="signup.php" method="POST">
<input type="text" placeholder="enter your email" name="email">
<input type="password" placeholder="and password" name="password">
<input type="password" placeholder="confirm password" name="confirm_password">
<input type="submit">
</form>
</div>
</div>
It doesn't insert into the database (all the fields, variables are correct i think - just email and password) and it comes back with the error message that I created that says 'Sorry there must have been an issue whilst registering'
Here is the database.php file
<?php
$server = 'localhost';
$username = "root";
$password = "";
$database = "auth";
try{
$conn = new PDO ("mysql:host={$server};dbname={$database};" , $username, $password);
}
catch (PDOException $e) {
die ( "Connection failed; " . $e->getMessage());
}
?>
Hash the password before you bind it:
$UserPWHash = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(":password", $UserPWHash));
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I've written this code for a registration page, but I am unable to get insert data into my database using PDO(or doing something incorrectly rather). Here is the registration page code:
<?php
if (empty($_POST)){
?>
<form name="registration" action="register.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<label for "fname">First Name: </label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: </label>
<input type="text" name="lname"/><br />
<label for "email">Email: </label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
<?php
}
else{
$form = $_POST;
$username = $form['username'];
$password = $form['passowrd'];
$fname = $form['fname'];
$lname = $form['lname'];
$email = $form['email'];
$user = 'root';
$pass = 'pdt1848!';
$db = new PDO('mysql:host=localhost;dbname=phpproject', $user, $pass);
$sql = "INSERT INTO users (username, password, fname, lname, email)VALUES(:username, :password, :fname, :lname, :email)";
$query = $db->prepare($sql);
$result = $query->execute(array(':username'=>$username, ':password'=>$password,
':fname'=>$fname, ':lname'=>$lname, ':email'=>$email));
if ($result){
echo "Thanks for registering with us!";
} else {
echo "Sorry, an error occurred while editing the database. Contact the guy who built this garbage.";
};
};
?>
The error is right here, passowrd
$password = $form['passowrd'];
A mere typo.
change it to:
$password = $form['password'];
when one fails, the whole query fails.
Had you error reporting in your code, it would've picked it up right away.
Ways that you can use in the future are a try & catch method, such as:
try {
$dbh = new PDO($dsn, $user, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
as well as
error_reporting(E_ALL);
ini_set('display_errors', 1);
Links that you can consult for further reading:
PDO
http://www.php.net/manual/en/pdo.error-handling.php
http://www.php.net/manual/en/pdo.errorinfo.php
MySQL
http://www.php.net/manual/en/mysqli.error.php
http://www.php.net/mysqli_error
(more)
http://php.net/manual/en/errorfunc.configuration.php#ini.display-errors
http://php.net/manual/en/errorfunc.configuration.php#ini.display-startup-errors
http://php.net/manual/en/function.error-reporting.php
Passwords
I also noticed that you are storing passwords in plain text. This is not recommended.
Use one of the following:
CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
PBKDF2 For PHP
Well I do something like this,
$user = 'your username';
$pass = 'your pass';
$db = new PDO( 'mysql:host=localhost;dbname=your_data_base_name', $user, $pass );
/*Grab Post*/
$form = $_POST;
$username = $form[ 'username' ];
$password = $form[ 'password' ];
$first_name = $form[ 'first_name' ];
$surname = $form[ 'surname' ];
$address = $form[ 'address' ];
$email = $form[ 'email' ];
// Sql
$sql = "INSERT INTO users ( username, password, first_name, surname, address, email ) VALUES ( :username, :password, :first_name, :surname, :address, :email )";
$result = $query->execute( array( ':username'=>$username, ':password'=>$password, ':first_name'=>$first_name, ':surname'=>$surname, ':address'=>$address, ':email'=>$email ) );
if ( $result ){
echo "Thank you. You have been registered";
} else {
echo "Sorry, there has been a problem inserting your details.";
}
In addition I always, enable my error reporting as Tuga suggested. It never fails me.
apart from the typo in the passowrd you should enable exceptions for PDO and use a try and catch statement to catch the exception. Also some other little changes, like structuring the PHP first and removing the odd re-assign of the POST superglobal.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$result = "Thanks for registering with us!";
try{
$db = new PDO('mysql:host=localhost;dbname=phpproject', 'root', 'pdt1848!');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC);
$sql = "INSERT INTO users (username, password, fname, lname, email)
VALUES(:username, :password, :fname, :lname, :email)";
$query = $db->prepare($sql);
$query->execute(array(':username'=>$_POST['username'],
':password'=>$_POST['password'],
':fname'=>$_POST['fname'],
':lname'=>$_POST['lname'],
':email'=>$_POST['email']));
}catch(PDOException $e){
$result = 'Sorry, an error occurred while editing the database. Contact the guy who built this garbage.';
//or use $e->getMessage(); for the real error
}
echo $result;
}
else{ ?>
<form name="registration" action="register.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<label for "fname">First Name: </label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: </label>
<input type="text" name="lname"/><br />
<label for "email">Email: </label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
<?php } ?>
Also its a very bad idea to store plain-text passwords in your db. ~ Read: Best way to store password in database.
Edit,
Added some validation of your inputs to help you get started, hope it helps. not tested.
<?php
try{
$db = new PDO('mysql:host=localhost;dbname=phpproject', 'root', 'pdt1848!');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC);
}catch(PDOException $e){
die('Sorry, an error occurred while editing the database. Contact the guy who built this garbage.');
//or use $e->getMessage(); for the real error
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//create empty error array - to fill with errors if any
$error = array();
//validate username
if(empty($_POST['username'])){
$error['username'] = 'Enter a username';
}elseif(strlen($_POST['username']) <= 2){
$error['username'] = 'Username too short > 2 chars';
}else{
//check for existing user
$sql = "SELECT 1
FROM `users`
WHERE username = :username";
$query = $db->prepare($sql);
$query->execute(array(':username' => $_POST['username']));
$result = $query->fetchAll(PDO::FETCH_ASSOC);
if(!empty($result)){
$error['username'] = 'User already exists';
}
}
//validate pass
if(empty($_POST['password'])){
$error['password'] = 'Please enter password';
}elseif(strlen($_POST['password']) < 6){
$error['password'] = 'Password too short, password should be 6 chars or longer';
}
//validate fname
if(empty($_POST['fname'])){
$error['fname'] = 'Please enter your first name';
}
//validate fname
if(empty($_POST['lname'])){
$error['lname'] = 'Please enter your last name';
}
//validate email
if(empty($_POST['email'])){
$error['email'] = 'Please enter your email';
}else{
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
$error['email'] = 'Please enter valid email';
}
}
//no errors detected so insert
if(empty($error)){
$sql = "INSERT INTO users (username, password, fname, lname, email)
VALUES(:username, :password, :fname, :lname, :email)";
$query = $db->prepare($sql);
$query->execute(array(':username'=>$_POST['username'],
':password'=>$_POST['password'],
':fname'=>$_POST['fname'],
':lname'=>$_POST['lname'],
':email'=>$_POST['email']));
$result = 'Thanks for registering with us! Click here to login';
}else{
$result = 'Please correct the errors';
}
}?>
<?php echo isset($result) ? $result : null;?>
<form name="registration" action="register.php" method="POST">
<label for "username">Username: <?php echo isset($error['username']) ? $error['username'] : null;?></label>
<input type="text" name="username"/><br />
<label for "password">Password: <?php echo isset($error['password']) ? $error['password'] : null;?></label>
<input type="password" name="password"/><br />
<label for "fname">First Name: <?php echo isset($error['fname']) ? $error['fname'] : null;?></label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: <?php echo isset($error['lname']) ? $error['lname'] : null;?></label>
<input type="text" name="lname"/><br />
<label for "email">Email: <?php echo isset($error['email']) ? $error['email'] : null;?></label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
I have a table named 'Directors' in the database 'db2'.
I have an HTML form. I would like when I insert the values and hit submit button, to insert the content into the table in a new row (to INSERT INTO), after it makes some validations (you'll notice them in the script). I've tried to do it by myself, but it is always echoing me 'Fail';
This is my HTML form:
<form action="process.php" method="post" accept-charset="utf-8">
<input type="hidden" name="pages_edit_nonce" />
<div class="section-item page-title-section">
<label for="title">Full Name:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="name" value="" /></div> </div>
<div class="section-item">
<label for="label">Phone:</label><span class="help">*Optionally</span><div class="input-wrap"><input type="text" name="phone" value="" /></div> </div>
<div class="section-item">
<label for="redirect">Е-mail:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="email" value="" placeholder="" /></div> </div>
<div class="section-item">
<label for="redirect">School:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="school" value="" placeholder="" /></div> </div>
<div class="section-item">
<label for="redirect">City:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="city" value="" placeholder="" /></div> </div>
<div class="section-item">
<label for="redirect">Password:</label><span class="help">*</span><div class="input-wrap"><input type="password" name="password" value="" placeholder="" /></div> </div>
<div class="admin-bar">
<div class="admin-bar-inner">
<input type="submit" value="Submit" class="btn" />
</div>
</div>
</form>
This is my process.php file:
$server = "localhost";
$user = "****";
$pass = "****";
$conn = mysql_connect($server, $user, $pass);
$db = mysql_select_db("****", $conn);
session_start();
if(!$db) {
$_SESSION['ERRMSG'] = "<strong>Error:</strong> The access to the database is denied!";
header("Location: ../../admin/error/");
exit();
}
session_start();
function UniqueID() {
$UID = rand(); //Create unique ID
$check = mysql_query("SELECT * FROM `Directors` WHERE `UID` = '$UID'");
if(mysql_num_rows($check) > 0) { //Check if it exists
UniqueID(); //Redo the function
} else {
return $UID; //return the uniqueid
}
}
$UID = UniqueID(); //Unique ID
$email = $_POST['email'];
$password = $_POST['password'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$school = $_POST['school'];
$city = $_POST['city'];
//Create INSERT query
$qry = "INSERT INTO `oclass`.`Directors`(`UID`,`Name`, `Phone`, `Email`, `SchoolGymnasium`, `City`, `Password`) VALUES('$UID','$name','$phone','$email','$school','$city','" . md5($password) . "')";
$result = mysql_query($qry);
//Check whether the query was successful or not
if($result) {
$_SESSION['SUCCMSGADDDIR'] = 'Sucessful.';
header("location: URL");
exit();
} else {
$_SESSION['ERRMSGADDDIR'] = 'Fail';
header("location: URL");
}
After changing the error session with mysql_error() it gave me the following error:
Fatal error: Can't use function return value in write context in ... on line 10;
Line 10 is:
mysql_error() = "<strong>Error:</strong> The access to the database is denied!";
I've removed the column named ID (which was Primary Key) and set UID column as Primary Key, and now is working. Thank you guys.
Firstly you must have never heard of SQL injection http://en.wikipedia.org/wiki/SQL_injection. Your current code is opening you up for attacks. You can't directly insert user input into the database like you're doing. Also mysql_* functions are deprecated. To help your code be safer and more update try something like this:
session_start();
$host = "localhost";
$user = "****";
$pass = "****";
$db = "****";
$dbh = new PDO("mysql:host=$host;dbname=$db", $user, $pass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("INSERT INTO `oclass`.`Directors`(`UID`,`Name`, `Phone`, `Email`, `SchoolGymnasium`, `City`, `Password`) VALUES (:uid, :name, :phone, :email, :school, :city, :password)");
$stmt->bindParam(':uid', uniqid());
$stmt->bindParam(':name', $_POST['name']);
$stmt->bindParam(':phone', $_POST['phone']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':school', $_POST['school']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':password', md5($_POST['password']));
$stmt->execute();