0

I'm new in using PHP

here's my HTML

<html>
<head>
<link rel="stylesheet" type="text/css" href="design.css">
</head>
<form action="process.php" method="post">
<body>
Username: <input type="text" name="username" maxlength="45" ><br>
Password: <input type="text" name="password" maxlength="45"><br>
Confirm Password: <input type="text" name="password" maxlength="45"><br><br>

First Name: <input type="text" name="first_name" maxlength="45"><br>
Middle Name: <input type="text" name="middle_name" maxlength="45"><br>
Last Name: <input type="text" name="last_name" maxlength="45"><br>
Birthday: <input type="text" name="birthday" maxlength="45"><br>
E-Mail: <input type="text" name="email_add" maxlength="45"><br><br>

<input type="submit" value="SAVE" style="width: 120px;height: 25px;">
</body>
</form>
</html>

and here's my PHP

<?php
$con=mysqli_connect("localhost","root","","sampledb");

if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$sql="INSERT INTO account (username, password, confirm_pwd, first_name,
                       middle_name, last_name, birthday, email_add) VALUES
('$_POST[username]','$_POST[password]','$_POST[confirm_pwd]',
'$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]',
'$_POST[birthday]','$_POST[email_add]')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?>

Where did I go wrong? Can anyone tell me? Did I do something wrong? When I try to save it, it just redirects to process.php, I checked the db but it didn't insert any data to the database.

icedwater
  • 4,701
  • 3
  • 35
  • 50
blue
  • 11
  • 1
  • Your input fields are not the same with the $_POST keys, also you have two name="password" fields – Royal Bg Sep 05 '13 at 09:43
  • W3schools is considered an awful reference site and, if it really taught you to write code vulnerable to SQL injection, you should absolutely drop it. Now, care to explain what output you get? – Álvaro González Sep 05 '13 at 09:44
  • @AlvaroG.Vicario nothing. it just redirects me to process.php nothing more. – blue Sep 05 '13 at 10:07
  • Strictly speaking, questions like "My code isn't working" are sure offtopic here. – Your Common Sense Sep 05 '13 at 10:21
  • A blank page means that your script is throwing an error but you haven't configured PHP to display error messages. That's something you need to fix before you go further; it's impossible to code without the aid of error messages. Here's a [brief explanation](http://stackoverflow.com/a/5680885/13508). – Álvaro González Sep 05 '13 at 10:41

1 Answers1

0

You can get your posted variable using below code.

$_POST['username']
-------^--------^--

wrap posted field name into single or double quote otherwise it will counted as constant.

Edit

$sql="INSERT INTO
account
(
    username,
    password,
    confirm_pwd,
    first_name,
    middle_name,
    last_name,
    birthday,
    email_add
)
VALUES
(
    '".$_POST['username']."',
    '".$_POST['password']."',
    '".$_POST['confirm_pwd']."',
    '".$_POST['first_name']."',
    '".$_POST['middle_name']."',
    '".$_POST['last_name']."',
    '".$_POST['birthday']."',
    '".$_POST['email_add']."'
)";

Edit As per Comment

You have two field with same name as password so make change accordingly,

Dipesh Parmar
  • 27,090
  • 8
  • 61
  • 90
  • It still doesn't solve the problem, where the OP has two fields with name = "password" and non with "confirm_pwd" – Royal Bg Sep 05 '13 at 09:49
  • It seems for me like a main one, bacause key names in global scope of double quotes, and without single quotes are still used and interpolated, thus `"... $_POST[username] ..."` is still a valid one – Royal Bg Sep 05 '13 at 09:51
  • @DipeshParmar thank you for that quick respond,i tried what you said and it still didn't change anything. The data are not inserted to the database – blue Sep 05 '13 at 10:04
  • @blue have you changed input name which are repeating .? – Dipesh Parmar Sep 05 '13 at 10:06
  • @DipeshParmar I actually deleted that field `confirm_pwd` in the database, but it still didn't changed anything. I just wanted to make it work, and see how does it work. So this is just a test. – blue Sep 05 '13 at 10:11
  • @DipeshParmar i already have, still, it didn't insert data into the DB – blue Sep 05 '13 at 10:49