Signup.php

<form name="sign-up" method="post" action="process.php?action=sign-up">
<h3><span>Sign-Up</span></h3>
<table width="100%" border="0" cellspacing="1" cellpadding="1">   
<thead> User Details </thead>
<tr>
      <th scope="row">*User ID :</th>
      <td><label for="playerid"></label>
      <input type="text" name="playerid" id="playerid" required="required"></td>
    </tr>
    <tr>
      <th scope="row">*Name :</th>
      <td><label for="playername"></label>
      <input type="text" name="playername" id="playername" required="required"></td>
    </tr>
    <tr>
      <th scope="row">*Mobile Number :</th>
      <td><label for="playermob"></label>
      <input type="text" name="playermob" id="playermob" required="required"></td>
    </tr>
    <tr>
      <th scope="row">*E-Mail :</th>
      <td><label for="playermail"></label>
      <input type="text" name="playermail" id="playermail" required="required"></td>
    </tr>    
    <tr>
      <th scope="row">Address :</th>
      <td><label for="playeraddress"></label>
      <textarea name="playeraddress" id="playeraddress" cols="45" rows="5"></textarea></td>
    </tr>   
    <tr>
      <th scope="row">&nbsp;</th>
      <td><input type="submit" name="cancel" id="cancel" value="Cancel">
      <input type="submit" name="submit" id="submit" value="Submit"></td>
    </tr>
    <tr>
      <th scope="row">&nbsp;</th>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <th colspan="2" scope="row">&nbsp;</th>
    </tr>
  </table>
</form>

Process.php

function signup()
{

   $playerid = $_POST['playerid'];
    $playername = $_POST['playername'];
    $playermob = $_POST['playermob'];
    $playermail = $_POST['playermail'];
    $playeraddress = $_POST['playeraddress'];

//  $playerid = mysqli_real_escape_string($playerid);
//  $playername  = mysqli_real_escape_string($playername);
//  $playermob  = mysqli_real_escape_string($playermob);
//  $playermail    = mysqli_real_escape_string($playermail);
//  $playeraddress    = mysqli_real_escape_string($playeraddress);

    $sql = "INSERT INTO bookit_participants (`userid`,`username`,`usermail`,`userphone`,`useraddress`)".
            "VALUES('".$playerid."','".$playername."','".$playermail."','$playermob','".$playeraddress."')";
     $result=mysqli_query($conn, $sql);
        echo $sql;
    if (!$result) {
        die('Could not update data: ' . mysqli_error());
    } else {
        echo "<script>
        alert('You are successfully registered..!! continue to the booking confirmation..!!!');
        </script>";
        header('Location: ../index.php');
    }
} //signup

Recommended Answers

All 9 Replies

  1. What is the result of echo $sql; (what is the actual sql query string)?
  2. Are you getting any error messages?

Tables for layout went out in the 90's. We use CSS now.

commented: Indeed +9

Not necessarily true, benanamen. Tables are no longer used for page layout (e.g. to create a sidebar by creating a table with two columns), but we still use them to represent tabular data. I use them quite often when I need to display stats or something that is clearly meant to be structured, tabular data.

That being said ...

You might have an SQL injection error. You should properly escape all the variables you're using within your query. What if one of them includes a quote?

@Dani, I should have added the word "page" which is what I meant. Tabular data is perfectly fine and is exactly what tables should be used for. But with that said, the OP should actually use prepared statements, not escape anything, as @alan.davies already mentioned.

I still find it funny that the place to go for online tech discussion (Hacker News) still uses nested tables for all layout. I know it's wrong but it works pretty well.

These days CSS Grid does everything tables does better and in a responsive manner.

@Reverend Jim, This is only a testing phace.
echo $sql; used to know the output of the sql query. So i can confirm their is no issue with data transfer.

Tables are used only for testing. after i get an working model we can transfer the layout to css.

So please help is there any wrong in the code. The same sql statement is working it self in the signup.php page. But its not working from the process.php

mysqli_real_escape_string needs two paramters

commented: Ah, true! You also need to pass in the connection. +16
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.