-1

I have just started PHP and HTML and I am creating a small game for personal use. Anyway, I wrote a script where you simply enter data to create an account and then submit it:

<?php include 'header.php';
?>


<br>
<br>
<br>
<table border="1" align="center" cellpadding='25'>
<tr>
<td align='middle'>
<form method='POST' action='insertuser.php' align= 'right'>
Username: <input type='username' name='username'> <br> 
Password: <input type='password' name='password'> <br>
Confirm Password: <input type='Password'> <br>
Email: <input type='username'> <br>
<input type='submit' name='submit' align = 'center'>

</td>
</tr>
</table>

    <
<table align='right'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>


<table align='left'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>



</body>
</html>

Then I created a database with phpMyAdmin, and inside it I have a table called members. There are currently 4 tables inside the database: id, username, password, and rank. Finally, I created another script that inserts the data the user entered into the database:

<?php

include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];


mysql_query("INSERT INTO members Values ('','$username1','$password1','' ") or
     die('could not insert member, please try again');



?>

It's not done, but its job is to insert data into the database. When I run the script it gives me this error:

Notice: Undefined index: username in E:\PortableApps\xampp-portable\htdocs\xampp\insertuser.php on line 4

Notice: Undefined index: password in E:\PortableApps\xampp-portable\htdocs\xampp\insertuser.php on line 5
could not insert member, please try again

What am I possibly doing wrong?

Grobbed
  • 317
  • 2
  • 12
  • For one thing, you forgot to close your ``. It's not in your code, or did you leave/forget it out? That alone will cause you problems. – Funk Forty Niner Aug 03 '13 at 19:39
  • Those are only notices; that is not a problem for inserting your data into the table... Can you share with us the output of mysql_error ( http://www.php.net/manual/en/function.mysql-error.php )? I think there could be a problem with your table definition. – tanaydin Aug 03 '13 at 19:47
  • Plus you have a stray `<` in `< `
    – Funk Forty Niner Aug 03 '13 at 19:47
  • @tanaydin - yes, they are just warnings, but warnings are there for a reason as well. In this case, if those indexes are undefined, execution of the DB will fail (or in the best case not work as expected) – bestprogrammerintheworld Aug 03 '13 at 19:52

7 Answers

2

You are accessing the wrong name in $_POST

$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
AndrewK
  • 717
  • 5
  • 11
1

You are using name="username" not username1 as in your PHP.

$username1 = $_POST['username'];
$password1 = $_POST['password'];

Also, the type is wrong.

pajaja
  • 2,164
  • 4
  • 25
  • 33
1

Your type in your input tag should be "text":

Username: <input type='text' name='username'> <br> 

And the name you are getting from $_POST has to match the name in your form:

$username1 = $_POST ['username'];
Expedito
  • 7,771
  • 5
  • 30
  • 43
1

Change this:

 $username1 = $_POST ['username1'];
 $password1 = $_POST ['password1'];

Into this

 $username1 = $_POST['username'];
 $password1 = $_POST['password'];

The HTML form inputs are called 'username' and 'password'; these names are passed to the $_POST variable.

Now, you don't sanitize your database inputs. Try creating a user named bobby'); DROP TABLE members;--. Be sure to back up the members table. (spoiler: it will drop your table)

For more information on how to prevent this, see How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
AmazingDreams
  • 3,136
  • 2
  • 22
  • 32
0

First of all,

There is no input type="username". What you should use is input type="text".

Secondly, there are no elements in the HTML form with their name attributes set to "username1" or "password1". I hope you have noticed that. So modify the PHP file accordingly.

And you'll face a lot of errors even after this. This is because before executing a MySQL query, you need to actually CONNECT to the database.

So read up a little bit, and only then try this out.

Cheers!

kkaosninja
  • 1,301
  • 11
  • 21
0

There are no errors in your posted code except for the closing tag of the form. I copied the same code and it is working perfectly. What I changed is:

<html>

<head>
<title>Althaf</title>
</head>

<body bgcolor="gray">
<b>Welcome to <i>html</i></b><br>
<?php include 'header.php';
?> 
<br>
<br>
<br>
<table border="1" align="center" cellpadding='25'>
<tr>
<td align='middle'>
<form method='POST' action='insertuser.php' align= 'right'>
Username: <input type='username' name='username'> <br> 
Password: <input type='password' name='password'> <br>
Confirm Password: <input type='Password'> <br>
Email: <input type='username'> <br>
<input type='submit' name='submit' align = 'center'>

</td>
</tr>
</table>

    </form><!-- Here was the missing tag-->
<table align='right'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>


<table align='left'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>



</body>
</html>

And in insertuser.php,

<?php


$username1 = $_POST ['username'];
$password1 = $_POST ['password'];


echo $username1;
echo $password1;


?>

I'm getting the fields. So there may be further errors inside the DB-connecting PHP.

Nizam
  • 5,698
  • 9
  • 45
  • 57
0

To avoid problems within your form, add the </form> tag and change to type='text'. The type attribute tells what type of element it is, not what name the element is identified as. You have the name attribute for that.

<table border="1" align="center" cellpadding='25'>
<tr>
<td align='middle'>
<form method='POST' action='insertuser.php' align= 'right'>
Username: <input type='text' name='username'> <br> 
Password: <input type='text' name='password'> <br>
Confirm Password: <input type='text' name='confirmPassword'> <br> <!-- changed name -->
Email: <input type='text' name='email'> <br> <!-- own name, so it does not overwrite username -->
<input type='submit' name='submit' align = 'center'>
</form> <!--added here -->
</td>
</tr>
</table>

Looking at your insertuser.php

<?php
include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];

mysql_query("INSERT INTO members Values ('','$username1','$password1','' ") or
     die('could not insert member, please try again');
?>

I notice some things. The first is the quotes for the use of memberID? I guess that is an INT (probably autoincrement), and in that case you wouldn't have to include that field at all. Secondly, you missed out a parenthesis in the actual insert statement.

<?php
include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];

mysql_query("INSERT INTO members Values ('$username1','$password1','')") or
     die('could not insert member, please try again');
?>

And maybe the most important part is that you have to sanitize data so that unwanted data doesn't get to the database. The easiest check you can do (and should do) is to at least check if the elements are assigned:

<?php
include_once "mysqlconnecter.php";

// Execute the query only if username and password are given/exist.
// isset() is applied to $_POST itself, so no "Undefined index" notice is raised.
if (isset($_POST['username'], $_POST['password'])) {
    $username1 = $_POST['username'];
    $password1 = $_POST['password'];
  /* PUT IN CODE HERE 
    for sanitizing username and password with certain rules
    and comparing field password with confirmPassword
  */
    mysql_query("INSERT INTO members Values ('$username1','$password1','')") or
     die('could not insert member, please try again');
}
?>

In this way you shouldn't get those errors you're describing. Also check the value of confirmPassword against password to see if they are equal (if you don't do that, the confirmPassword field is useless).

I would really recommend switching from mysql_* functions to PDO or mysqli, because mysql_* functions are deprecated (meaning that those functions won't work in the future).

bestprogrammerintheworld
  • 5,417
  • 7
  • 43
  • 72
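
The points raised in the answers above (SQL injection through the quoted INSERT, moving from mysql_* to PDO, and comparing password with confirmPassword), put together as an added example that is not code from the question or from any answer. Assumptions: an in-memory SQLite database stands in for the MySQL one so the script runs offline, the function name register_member and the sample submissions are constructed, and hashing with password_hash is an addition the answers do not mention.

```php
<?php
// Added example: a safer insertuser.php. With MySQL only the PDO DSN changes.

function register_member(PDO $db, array $post): string
{
    // Read fields without triggering "Undefined index" notices.
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $confirm  = (string)($post['confirmPassword'] ?? '');

    if ($username === '' || $password === '') {
        return 'missing username or password';
    }
    if (!hash_equals($password, $confirm)) {
        return 'passwords do not match';
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (:u, :p)');
    $stmt->execute([
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT), // never store plaintext
    ]);
    return 'ok';
}

// Constructed stand-in for the members table (id, username, password, rank).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT,
           password TEXT, `rank` TEXT DEFAULT '')");

// Constructed sample submissions, including the username quoted in the answer above.
$samples = [
    [],                                                              // empty POST
    ['username' => 'alice', 'password' => 'pw1', 'confirmPassword' => 'pw2'],
    ['username' => "bobby'); DROP TABLE members;--", 'password' => 'pw', 'confirmPassword' => 'pw'],
];
foreach ($samples as $post) {
    echo register_member($db, $post), "\n";
}

// The table still exists and the odd username was stored as plain data.
foreach ($db->query('SELECT id, username FROM members') as $row) {
    echo $row['id'], ': ', $row['username'], "\n";
}
```

The first two submissions are rejected before any SQL runs; the third is inserted as an ordinary row because the bound parameter is never parsed as SQL.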