Please help....i want to save a user to my database..using wampserver...

<form method="POST" action="">
    <center><br>
<H1>USER REGISTRATION</H1>
        <table>   
    <tr>
        <td>User Id</td>
        <td><input type="text" name="userId"></td>
    </tr>
        <tr>
        <td>Lastname</td>
        <td><input type="text" name="lastname"></td>
    </tr>
         <tr>
        <td>Firstname</td>
        <td><input type="text" name="firstname"></td>
    </tr>
        <tr>
        <td>Middle Name</td>
        <td><input type="text" name="middleName"></td>
    </tr>
         <tr>
        <td>Suffix</td>
        <td><input type="text" name="suffix"></td>
    </tr>
        <tr>
        <td>Position</td>
        <td><input type="text" name="position"></td>
    </tr>
        <tr>
        <td>Privilege</td>
        <td><select name="priv">
                        <option>Administrator</option>
                        <option>User</option>
                    </select>
                </td>
        </tr>
        <tr>
        <td>Username</td>
        <td><input type="username" name="username" ></td>
         </tr>
        <tr>
        <td>Password</td>
        <td><input type="password" name="password" ></td>
        </tr>
         <tr>
                <td></td>
                <td><input type="submit" name="save" value="Save"></td>
        </tr>
</table>
</form>


<?php
 include '../config/connect.php';
if (isset($_POST['save']))
                {
                    $userId=  strtoupper($_POST['userId']);
                    $lastname=  strtoupper($_POST['lastname']);
                    $firstname=strtoupper($_POST['firstname']);
                    $middleName=  strtoupper($_POST['middleName']);
                    $suffix=  strtoupper($_POST['suffix']);
                    $position=  strtoupper($_POST['position']);
                    $privilege=strtoupper($_POST['priv']);
                    $userName=$_POST['username'];
                    $password=$_POST['password'];


                     $query = "INSERT INTO users
                    VALUES (Null,'$userId',
                        '$lastname',
                        '$firstname',
                        '$middleName',  
                        '$suffix',
                        '$position',
                        '$privilege',
                        '$userName',  
                        '$password')";
            $result = mysqli_query($query);
            if ($result)
            {
                echo "<center>Successfully Saved!</center>";
            }
            else
            {
                echo "<center>User Account Saving Failed!</center>";
            }
        }    
 ?>

You haven't mentioned what is happening or included your code class so we don't have much to go on. I would suggest adding code to output PHP errors on the page and see what errors/warnings you get.

Normally you give a form an action - a script to run. The script gets the variables from the form, then does something with them.
<form method="POST" action="">
Yours doesn't. Action is empty.

Member Avatar

diafol

As the action property is empty, I'm assuming that you are sending to the form page itself. This is not the usual way of performing a form send. Usually form data is sent to a specific form handler script, usually in a different file. Otherwise, you get issues on page refresh / reload.

In addition, you are open to SQL Injection as you have not sanitized your user input nor used a prepared statement. See DW Tutorial: Common Issues with MySQL and PHP for options. Server-side data validation is also important, e.g. checking size and type of input.