Hello everyone, im trying to make a registration system with PHP and MySQL but im not going well i just created table and i have writed the code well but there is something wrong the inputs don't send that data into database i have tryed much different ways of doing it but still cant be posted nothing in to database. Here is the code:

<form method='post'>
                    Name: <input type="text" name="name" color='#4DFF4D' placeholder='Your Real Name' /><br>
                    Last Name: <input type="text" name="lastname" color='#4DFF4D' placeholder='Your last name' /><br>
                    Username: <input type="text" name="username" color='#4DFF4D' placeholder='Choose Username' /><br>
                    Password: <input type="password" name="password" color='#4DFF4D' placeholder='Choose Password' /></font>
                    <input style="border-radius:8px;" type="image" class="new_account" name="submitb" src="NewAccount.png" alt="NewAccount" height='50' width='250px'>
                </form>
                <?php
                    if(isset($_POST['name']))
                    {
                        $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $sql="INSERT INTO Members (Name, Lastname, Username, Password)
                        VALUES
                        ('$_POST[name]','$_POST[lastname]','$_POST[username]','$_POST[password]')";
                        if (!mysqli_query($con,$sql))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>

Thank you for helping me !

Member Avatar

diafol

A few pointers:

 $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");

No need for quotes - and I think you've got the order wrong. Also note the extra space for the user - that will cause it to fail - so no quotes.

$con = mysqli_connect($host,$user,$pw,$db) or die("Error " . mysqli_error($con));

Also although you use mysqli, you're not protecting yourself from SQL injection. Use parameterized queries (?):

$stmt = $mysqli->prepare("INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
$stmt->execute();

//EDIT
Sorry just remembered, you're using procedural mysqli not OOP. So here's procedural:

$stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
mysqli_stmt_execute($stmt);

Actually this line

 $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");

is good i just change the values for the forum post.

I have maked some changes but still cannot read into database .. :/

<?php
                    if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
                    {
                        $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $stmt = $mysqli->prepare("INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
                        $stmt->bind_param('ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
                        $stmt->execute();

                        if (!mysqli_query($con,$stmt))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>

My whole registration script if you can make changes here so ill just copy and paste to test it :/ THANK YOU

<html>
<body bgcolor='red'>
<title>Register</title>
<style>
    font.position_font {
        position:absolute;
        left:20%;
    }
    input.new_account {
        position:absolute;
        left:20%;
        top:80%;
    }
</style>
<form>
<font size="6">
    <div style="opacity:1; position:absolute; border-radius:30px; width:30%; left:20%; top:20%; height:50%; background-color:white; border:10px solid gray;">
        <strong>
            <center>
                <font face='Comic Sans MS' color='blue'>Register</font>
                <hr>
                <font size='3' color='black' class='position_font'>
                <form method='post'>
                    Name: <input type="text" name="name" color='#4DFF4D' placeholder='Your Real Name' /><br>
                    Last Name: <input type="text" name="lastname" color='#4DFF4D' placeholder='Your last name' /><br>
                    Username: <input type="text" name="username" color='#4DFF4D' placeholder='Choose Username' /><br>
                    Password: <input type="password" name="password" color='#4DFF4D' placeholder='Choose Password' /></font>
                    <input style="border-radius:8px;" type="image" class="new_account" name="submitb" src="NewAccount.png" alt="NewAccount" height='50' width='250px'>
                </form>
                <?php
                    if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
                    {
                        $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
                        mysqli_stmt_bind_param($stmt, 'ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
                        mysqli_stmt_execute($stmt);

                        if (!mysqli_query($con,$stmt))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>
        </strong>
    </div>
</font>
</form>
</body>
</html>
Member Avatar

diafol

I'm assuming that you've got your own details here:

 $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");

not the values in the manual?

Yeah they are not the real, i'm using other, im just changing for the security reasons ...

Member Avatar

diafol

if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
{
    $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB") or die('BAD CONNECTION:' .  mysqli_error($con));
    $stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'ssss', $_POST['name'], $_POST['lastname'], $_POST['username'], $_POST['password']);
    if (!mysqli_stmt_execute($stmt))
    {
        echo "Execute failed";
    }else{
        echo "Execute succeeded";
    }
    mysqli_stmt_close($stmt);
}

BTW you seem to be storing the plaintext password. This is not advisable - you should store a hashed version, e.g.

$pw = hash($algo, $_POST['password']); //where $algo is the hashing algorithm of your choice e.g. "sha256"

In addition to this, you should use a 'salt' for added security.

Another issue - you only have the one password field in your form. You should always provide two in order to obviate (as far as possible) any typos by comparing them.

Dont work again :/
Here at values

 VALUES (?, ?, ?, ?)");

does it need to be like that or i need to change it ?
Also where to put that $pw = hash ?

Member Avatar

diafol

It needs to be like that.

$pw... that will be placed before the prepare method/function and then you use $pw instead of $_POST['password']

So do you get "Execute failed" or "Execute succeeded" ?

Member Avatar

diafol

Nothing obvious.