I am trying to insert into customer table in eshop_db
When I run it, it does not have any error, but it did not store in mysql.
What it is problem in my code?
I don't understand really.
Please give some answer. Thanks.
--registerForm.php--
<form action="register.php" method="post">
<p>User ID: <input type="text" name="userId" size="30"/>*</p>
<p>Password: <input type="password" name="password" size="30"/>* </p>
<p>Retype Password: <input type="password" name="repassword" size="30"/>*</p>
<p>First Name: <input type="text" name="firstName" size="30"/>*</p>
<p>Last Name: <input type="text" name="lastName" size="30"/>*</p>
<p>Your Address (*):</p>
<p><textarea name="address" rows="5" cols="30"></textarea></p>
<p>Phone: <input type="text" name="phone" size="20"/>*</p>
<p>E-mail: <input type="text" name="email" size="21"/>*</p>
<p><input type="submit" value="Create Account"/></p>
</form>
--register.php--
<?php
require "sql_connection.php";
if(isset($_POST['submit']))
{
if($_POST["password"]==$_POST["repassword"])
{
mysql_query("insert into customer (userId, password, firstName, lastName, address, phone, email)
values ('$_POST[userId]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[addres]]','$_POST[phone]','$_POST[email]')")
or die(mysql_error());
}
}
?>
--sql_connection.php--
<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "mypass";
$db_name = "eshop_db";
#mysql_connect("$db_host", "$db_username", "$db_pass", "$db_name") or die("connection is fail.");
#mysql_select_db("$db_name") or die("database does not exsist.");
echo "Successfully connected!!";
?>
Typo, correct this part here:
'$_POST[addres]]' // wrong
'$_POST[address]' // right
Try this:
<?php
require "sql_connection.php";
if(isset($_POST['submit']) && $_POST["password"] == $_POST["repassword"]) {
mysql_query(
'INSERT INTO `customer` (`userId`, `password`, `firstName`, `lastName`, `address`, `phone`, `email`)
VALUES ('.$_POST['userId'].', '.$_POST['password'].', '.$_POST['firstName'].', '.$_POST['lastName'].', '.$_POST['address'].', '.$_POST['phone'].', '.$_POST['email'].')'
) or die(mysql_error());
}
Finally, filter and validate your incoming data.
Well, besides the obviously bad idea to directly use the values in the POST array, your indexes need to be quoted. So, $_POST['address'], etc. Also, array values need to be escaped with curly-braces if you're trying to do string injection.
Related
I am trying to create a user registration form using php and mysql. When I try to hit the submit button no new record is added to my database. The database is functional and has worked with other forms.
HTML/FORM
<?php
include 'header.php';
?>
<section>
<div class="form">
<form action="signup.php" method="post">
<h1> Sign Up!</h1>
<p>First name:
<input type="text" name="fName" maxlength="15" required pattern="^[a-zA-Z]{3,20}$" placeholder="Enter Name" />
</p>
<p>Last name:
<input type="text" name="lName" maxlength="15" pattern="^[a-zA-Z]{3,20}$" required placeholder="Enter Last Name" />
</p>
<p>Email:
<input type="email" name="email" maxlength="40" required placeholder="Enter Email" />
</p>
<p>Username:
<input type="text" name="username" maxlength="20" ^[A-Za-z0-9_]{1,15}$ required placeholder="Enter Username" />
</p>
<p>Password:
<input type="password" name="password" maxlength="20" pattern="(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" required placeholder="Enter Password" />
</p>
<p>Re-type Password:
<input type="password" name="password2" maxlength="20" pattern="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$" required placeholder="Re-type Password" />
</p>
<p>
<button type="submit" name="signupbutton"> Sign up </button>
</p>
</form>
</div>
</section>
<div class="footerspecial">
<?php
include 'footer.php';
?>
</div>
PHP/SQL
<?php
//have they submitted at least once?
if(isset($POST['$password2'])){
$fName = $_POST['fName'];
$lName = $_POST['lName'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
//do the passwords NOT match?
if ($password !== $password2) {//do string comparison here
echo'<h2>Error: passwrods don\'t match!</h2>';
require ('registerform.php');
}
else {
//does the username already exist?
$sql = mysql_query("SELECT * FROM users WHERE username=='$username'");
if ($results=$con->query($sql)){
echo'<h2>Error: username is already taken</h2>';
require ('registerform.php');
}
else {
$sql = mysql_query("SELECT * FROM users WHERE email=='$email'");
if ($results=$con->query($sql)){
echo'<h2>Error: email already used</h2>';
require ('registerform.php');
}
else {
// If the values are posted, insert them into the database.
$sql= "INSERT INTO users (fName, lName, email, username, password, password2) VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
if (!$con->query($sql)){
echo 'Error: coulndt do suff';
}
else {
echo 'Account made';
}//ENDS SUCCESSFUL INSURT
}//ENDS EMAIL VALIDATION
}//ENDS THE USERNAME VALIDATION
}//END PASSWORD VALIDATION
}
?>
Picture of the form don't really know if its helpful but ya'know
https://gyazo.com/418b86ecb5090604a1f229e1e94fe3bf
I'm guessing here that your database doesn't have a password2 column (seems kind of pointless to have) so trying to insert into it will give an error.
You should read about MySQLi error reporting
Also add error_reporting(-1); at the start of your PHP file to show PHP errors.
P.S. your code is vulnerable to SQL injection, you should use prepared statements to be safe from this.
Could have multiple problems first you do not have the single quotes around $password2. This could be leading to a failed insert.
VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
Also I would echo the sql errors out as you are not doing. you can do this easily. Test the if statement for a true not a false
if ($con->query($sql)){
//if true then runs your code;
}
else {
echo "Error: " . $sql . "<br>" . $con->error; // This will echo out any sql errors you may have
}
I am inserting data in my WAMP database from user input:
PHP
<?php
$con=mysqli_connect("127.0.0.1","beni","2155","visitbulgaria");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$forename = mysqli_real_escape_string($con,$_POST['Forename']);
$surname = mysqli_real_escape_string($con,$_POST['Surname']);
$email = mysqli_real_escape_string($con,$_POST['Email']);
$username = mysqli_real_escape_string ($con,$_POST['Username']);
$password = mysqli_real_escape_string ($con,$_POST['Password']);
$sql="INSERT INTO `customer`(`Forename`, `Surname`, `Email`, `Username`, `Password`)
VALUES ('$forename', '$surname', '$email', '$username', '$password')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
HTML
<html>
<body>
<form action="insert.php" method="post">
Firstname: <input type="text" name="Forename">
Lastname: <input type="text" name="Surname">
Email: <input type="text" name="Email">
username: <input type="text" name="Username">
pass: <input type="text" name="Password">
<input type="submit">
</form>
</body>
</html>
whah happens here is that on submit it does work but when I look at the database in phpMyAdmin it has only added the first three record (forename, surname and email and then the username and password field are left blank, and I have no idea how to fix that and why it is doing it.
I'd like to know if there are any errors/exploits in this piece of coding, and also can someone help me because I register but it doesn't insert data into the database. If there are any mistakes can you correct them please. I want it so if the username exists, redirect them to error?=1, and so on with passwords not matching. Any help is appreciated.
Register.php
<form action="register_acc.php" method="post">
<input type="text" name="username" class="input" value="" autocomplete="off" placeholder="Username" maxlength="25" /><br />
<br />
<input type="password" name="password" class="input" value="" autocomplete="off" placeholder="Password" maxlength="20" /><br />
<br />
<input type="password" name="password2" class="input" value="" autocomplete="off" placeholder="Password again" maxlength="20" /><br />
<br />
<input type="text" name="email" class="input" value="" autocomplete="off" placeholder="Email" maxlength="255" /><br />
<br />
<input type="submit" name="submit "class="submit" value="Sign up">
</form>
register_acc.php
<?php
error_reporting(1);
include 'site/inc/config.php';
if (isset($_POST['submit'])) {
session_start();
$username = $_POST['username'];
$password = md5($_POST['password']);
$pass_conf = md5($_POST['password2']);
$email = $_POST['email'];
$ip = $_SERVER['REMOTE_ADDR'];
$date= date("d-m-Y");
$q = "SELECT * FROM `users` WHERE username = '$username'";
$r = mysql_query($q);
if (empty($username)) {
header("Location: register.php?error=1");
exit;
}
if ($password != $pass_conf) {
header("Location: /site/register.php?error=2");
exit;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: /site/register.php?error=3");
exit;
}
if (mysql_num_rows($r) == 0) {
// Continue w/ registration, username is available!
$query = "INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
VALUES (0, '$username', '$password', '$email', '$ip', 1, '$date'())";
$run = mysql_query($query);
header("Location: /site/register.php?succsess=1");
}
}
else {
header("Location: register.php?error=4");
}
?>
You don't concatenate the $username variable into the query.
Try this:
"SELECT * FROM `users` WHERE username = '".$username."'"
Also your INSERT query looks a bit weird with the date() function. Try this:
$date = date("Y-m-d");
"INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
VALUES (0, '$username', '$password', '$email', '$ip', 1, '".$date."')"
EDIT: SCRIPT EXAMPLE
<?php
if(!isset($_POST['username'])||!isset($_POST['email'])||!isset($_POST['password']))//enter more values if necessary
{
header("Location: error_page.php?error=1");
}
else
{
//do whatever, eg execute query
}
?>
I created a table & when Submit button is hit after filling the form, those particulars should be inserted into the DB TABLE. But idk what's wrong with the code, it's echoing "Unable to select table".. My code is as follows:
<?php
if ( isset ( $_POST['submit'] ) )
{
mysql_connect("localhost","root","1234");
mysql_select_db("my_db")or die( "Unable to select database</span></p>");
$name1 = $_POST['name1'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$gender = $_POST['gender'];
$place = $_POST['place'];
$college = $_POST['college'];
$result=MYSQL_QUERY("INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')")or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();
echo "<p><span style=\"color: red;\">Thank You;</span></p>";
}
else
{
// close php so we can put in our code
?>
<form id="form1" action="" method="post">
Name:
<input type="text" name="name1" /><br/>
E-mail:
<input type="text" name="email" /><br/>
Password:
<input type="password" name="password" /><br/>
Confirm Password:
<input type="password" name="confirmpassword" /><br/>
Gender:
<input type="radio" name="gender" />
Male
<input type="radio" name="gender" />
Female
<br/>
Location:
<input type="text" name="place" /><br/>
College:
<input type="text" name="college" /><br/>
<input id="submit1" class="submit" type="submit" name="submit" value="Submit"/><br/>
<input type="reset" value="reset" />
</form>
<?php
} //close the else statement
?>
PHP doesn't recognise function with capital letters. Use small-case characters:
mysql_query( "INSERT INTO USERS3 ( id, name1, email,
`password`, confirmpassword, gender, college, place)
VALUES ('NULL', '$name1', '$email',
'$password', '$confirmpassword', '$gender', '$place',
'$college')") or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();
If 'id' is an autoincrement field, you shouldn't be passing any value for it - the database will deal with that.
Everything looks fine.Only problem(s) could be:
The table name might be incorrect.Especially, i suspect your correct table name is users3 instead of USERS3 .
The ideal way to check is:
Add following statement before $result=.....
echo "INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')";
Run/Load the page.
Whatever is printed - copy it.
Go to phpmyadmin and select SQL Tab.Paste what you copied in previous step and run it.
phpmyadmin will display the exact error.
I am stumped as to why this code will not work. I am trying to insert data into a MySQL Database called 'clubresults' with a table called 'members'. Usually this kind of stuff is fairly easy for me however nothing is showing up in the database. Obviously just running this off localhost for now using xammpp. Code Below.
Config.php
<?php
// Connects to your Database
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("clubresults") or die(mysql_error());
?>
RegProcess.php - Main PHP Class
<?php
include "config.php";
$Firstname = $_POST['Firstname'];
$Surname = $_POST['Surname'];
$Password = md5($_POST['Password']);
$Email = $_POST['Email'];
$insert = 'INSERT into members(Firstname, Surname, Password, Email) VALUES ("'.$Firstname.'", "'.$Surname.'", "'.Password.'", "'.$Email.'")';
mysql_query($insert);
?>
Register.php - Includes HTML Form
<form action="regprocess.php" method="post">
<table border="0">
<tr><td colspan=2><h1>Register</h1></td></tr> <br>
<tr><td>Firstname:</td><td>
<input type="text" name="Firstname" maxlength="60">
</td></tr>
<tr><td>Surname:</td><td>
<input type="text" name="Surname" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="Password" maxlength="20">
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="Email" maxlength="50">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register">
</form>
$insert = 'INSERT into members(Firstname, Surname, Password, Email) VALUES ("'.$Firstname.'", "'.$Surname.'", "'.$Password.'", "'.$Email.'")';
^^
u forgot putting $ before password