0

Hello everyone, im trying to make a registration system with PHP and MySQL but im not going well i just created table and i have writed the code well but there is something wrong the inputs don't send that data into database i have tryed much different ways of doing it but still cant be posted nothing in to database. Here is the code:

<form method='post'>
                    Name: <input type="text" name="name" color='#4DFF4D' placeholder='Your Real Name' /><br>
                    Last Name: <input type="text" name="lastname" color='#4DFF4D' placeholder='Your last name' /><br>
                    Username: <input type="text" name="username" color='#4DFF4D' placeholder='Choose Username' /><br>
                    Password: <input type="password" name="password" color='#4DFF4D' placeholder='Choose Password' /></font>
                    <input style="border-radius:8px;" type="image" class="new_account" name="submitb" src="NewAccount.png" alt="NewAccount" height='50' width='250px'>
                </form>
                <?php
                    if(isset($_POST['name']))
                    {
                        $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $sql="INSERT INTO Members (Name, Lastname, Username, Password)
                        VALUES
                        ('$_POST[name]','$_POST[lastname]','$_POST[username]','$_POST[password]')";
                        if (!mysqli_query($con,$sql))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>

Thank you for helping me !

Edited by Stefan_1: misstake

2
Contributors
12
Replies
34
Views
3 Years
Discussion Span
Last Post by diafol
0

A few pointers:

 $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");

No need for quotes - and I think you've got the order wrong. Also note the extra space for the user - that will cause it to fail - so no quotes.

$con = mysqli_connect($host,$user,$pw,$db) or die("Error " . mysqli_error($con));

Also although you use mysqli, you're not protecting yourself from SQL injection. Use parameterized queries (?):

$stmt = $mysqli->prepare("INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
$stmt->execute();

//EDIT
Sorry just remembered, you're using procedural mysqli not OOP. So here's procedural:

$stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
mysqli_stmt_execute($stmt);

Edited by diafol

0

Actually this line

 $con=mysqli_connect("$mysql_host","$mysql_database","$mysql_password ","$mysql_user ");

is good i just change the values for the forum post.

0

I have maked some changes but still cannot read into database .. :/

<?php
                    if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
                    {
                        $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $stmt = $mysqli->prepare("INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
                        $stmt->bind_param('ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
                        $stmt->execute();

                        if (!mysqli_query($con,$stmt))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>

Edited by Stefan_1

0

My whole registration script if you can make changes here so ill just copy and paste to test it :/ THANK YOU

<html>
<body bgcolor='red'>
<title>Register</title>
<style>
    font.position_font {
        position:absolute;
        left:20%;
    }
    input.new_account {
        position:absolute;
        left:20%;
        top:80%;
    }
</style>
<form>
<font size="6">
    <div style="opacity:1; position:absolute; border-radius:30px; width:30%; left:20%; top:20%; height:50%; background-color:white; border:10px solid gray;">
        <strong>
            <center>
                <font face='Comic Sans MS' color='blue'>Register</font>
                <hr>
                <font size='3' color='black' class='position_font'>
                <form method='post'>
                    Name: <input type="text" name="name" color='#4DFF4D' placeholder='Your Real Name' /><br>
                    Last Name: <input type="text" name="lastname" color='#4DFF4D' placeholder='Your last name' /><br>
                    Username: <input type="text" name="username" color='#4DFF4D' placeholder='Choose Username' /><br>
                    Password: <input type="password" name="password" color='#4DFF4D' placeholder='Choose Password' /></font>
                    <input style="border-radius:8px;" type="image" class="new_account" name="submitb" src="NewAccount.png" alt="NewAccount" height='50' width='250px'>
                </form>
                <?php
                    if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
                    {
                        $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");
                        if (mysqli_connect_errno())
                        {
                            echo "Failed to connect to MySQL: ".mysqli_connect_error();
                        }
                        $stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
                        mysqli_stmt_bind_param($stmt, 'ssss', $_POST[name], $_POST[lastname], $_POST[username], $_POST[password]);
                        mysqli_stmt_execute($stmt);

                        if (!mysqli_query($con,$stmt))
                        {
                            die('Error: '.mysqli_error($con));
                        }
                        mysqli_close($con);
                    }
                    ?>
        </strong>
    </div>
</font>
</form>
</body>
</html>
0

I'm assuming that you've got your own details here:

 $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB");

not the values in the manual?

0

Yeah they are not the real, i'm using other, im just changing for the security reasons ...

0
if(isset($_POST['name']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['password']))
{
    $con=mysqli_connect("MyHost","MyUser","MyPass","MyDB") or die('BAD CONNECTION:' .  mysqli_error($con));
    $stmt = mysqli_prepare($con, "INSERT INTO `Members` (`Name`, `Lastname`, `Username`, `Password`) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'ssss', $_POST['name'], $_POST['lastname'], $_POST['username'], $_POST['password']);
    if (!mysqli_stmt_execute($stmt))
    {
        echo "Execute failed";
    }else{
        echo "Execute succeeded";
    }
    mysqli_stmt_close($stmt);
}

BTW you seem to be storing the plaintext password. This is not advisable - you should store a hashed version, e.g.

$pw = hash($algo, $_POST['password']); //where $algo is the hashing algorithm of your choice e.g. "sha256"

In addition to this, you should use a 'salt' for added security.

Another issue - you only have the one password field in your form. You should always provide two in order to obviate (as far as possible) any typos by comparing them.

0

Dont work again :/
Here at values

 VALUES (?, ?, ?, ?)");

does it need to be like that or i need to change it ?
Also where to put that $pw = hash ?

0

It needs to be like that.

$pw... that will be placed before the prepare method/function and then you use $pw instead of $_POST['password']

So do you get "Execute failed" or "Execute succeeded" ?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.