1

I'm relatively new to web coding, but I know quite a bit. I was making a registration form earlier, which also checks if the fields are empty. It comes up OK, but nothing seems to work: when the fields are empty, the message doesn't come up, and when the fields are fine, it just loads but doesn't actually insert it into the database. Also, once I press the submit button, the form just disappears as well. Any help would be much appreciated.

<form method="post">
<?php
if(isset($_POST['submit'])){
    $username=$_POST['username'];
    $password=$_POST['password'];
    $password=md5(hash("sha512",$password));
    if(empty($username) or empty($password)){
        $message="Please enter information into the fields.";
    } else {
        mysql_query("INSERT INTO `users` VALUES('',$username,$password)");
        $message="Register successful!";
    }
    echo "<div id='box>$message</div>";
}
?>
Username: <input type="text" name="username" /><br>
Password: <input type="password" name="password" /><br>
<input type="submit" name="submit" value="Sign Up">
</form>
kpmDev
poseidon
  • Stop using `mysql_*` functions, it will be deprecated soon. And you have to `escape` the inputs from the user's input. – kpmDev Feb 22 '14 at 18:26
  • Thanks, how do I do that? – poseidon Feb 22 '14 at 18:30
  • read this: http://in2.php.net/manual/en/mysqli.real-escape-string.php – kpmDev Feb 22 '14 at 18:35
  • Just change `$username= mysql_real_escape_string($_POST['username']);$password=mysql_real_escape_string($_POST['password']);` http://in2.php.net/mysql_escape_string But I suggest to use `mysqli` or `PDO`. – kpmDev Feb 22 '14 at 18:40

5 Answers

2

It looks like you are not printing out MySQL errors; you just need to add `or die(mysql_error());` at the end of the query, as I did in my example. Anyway, you should surround your strings with quotes. The page came out blank when you press because the if condition is met. So change as follows:

mysql_query("INSERT INTO `users` VALUES('','$username','$password')") or die(mysql_error());

As a side note, I would stop using the mysql_ functions since they are deprecated, and instead use either PDO or mysqli with prepared statements to avoid any risk of MySQL injections, since your code is highly vulnerable. LEARN MORE HERE

As CodeBird correctly stated

md5 of an empty string will return a 32 chars string, so the password you are testing will never be empty

Community
Fabio
  • You should add that md5 of an empty string, returns a 32 chars string, so actually the password he's testing is never empty – CodeBird Feb 22 '14 at 17:03
  • Hi, I changed the query but I am getting the error of 'No Database Selected' - however, this is my connect code, what is wrong with it? $con = mysqli_connect("localhost","root","password","follow"); – poseidon Feb 22 '14 at 17:23
  • So you are not connected to database, check this http://stackoverflow.com/questions/6326696/connecting-to-mysql-using-php – Fabio Feb 22 '14 at 17:24
  • So add the second part about `mysql_select_db` – Fabio Feb 22 '14 at 18:06
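
The PDO prepared-statement approach recommended in the answer above, with the emptiness check moved ahead of the hashing step, as an added example that is not part of the original answer or its comments. Assumptions: a `users` table with `id`, `username` and `password` columns, an in-memory SQLite database standing in for MySQL so it runs without a server, `password_hash()` swapped in for `md5(hash("sha512", ...))`, and a hypothetical `register()` function name.

```php
<?php
// Added example, not code from the question or answers.
// Assumptions: a `users` table (id, username, password); in-memory SQLite
// stands in for MySQL so the script runs without a database server.

function register(PDO $db, string $username, string $password): string
{
    // Validate the raw input first: the digest of '' is a non-empty string,
    // so an emptiness check made after hashing can never fire.
    if (trim($username) === '' || $password === '') {
        return 'Please enter information into the fields.';
    }

    // Swapped in for md5(hash("sha512", ...)): salted, deliberately slow hashing.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    try {
        // Placeholders keep user input out of the SQL string you write.
        $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
        $stmt->execute([':u' => $username, ':p' => $hash]);
    } catch (PDOException $e) {
        // e.g. UNIQUE violation on a duplicate username; log it, don't echo details.
        error_log($e->getMessage());
        return 'Registration failed.';
    }
    return 'Register successful!';
}

// For MySQL the DSN would look like 'mysql:host=...;dbname=...;charset=utf8mb4'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');

// Constructed sample submissions: empty fields, a normal user, a name
// containing a quote character, and a duplicate.
$samples = [['', 'secret'], ['alice', ''], ['alice', 'correct horse'],
            ["o'brien", 'pw'], ['alice', 'again']];
foreach ($samples as [$u, $p]) {
    printf("%-10s => %s\n", var_export($u, true), register($db, $u, $p));
}
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " rows stored\n";
```

At login, compare the submitted password against the stored value with `password_verify()` rather than re-hashing and comparing strings.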
1

Change the query statement to

mysql_query("INSERT INTO `users` VALUES('','$username','$password')");

Start using mysqli_* functions instead of mysql_*, as the latter are deprecated.

rakeshjain
1
Check this out. "(`id`, `username`, `password`)" are example column names; use what you have made.
<?php
if(isset($_POST['submit']))
{
    $username=$_POST['username'];
    $password=$_POST['password'];
    if(empty($username) || empty($password)){
        $message="Please enter information into the fields.";
    } else {
        $password=md5(hash("sha512",$password));
        mysql_query("INSERT INTO `users` (`id`, `username`, `password`) VALUES('','$username','$password');");
        $message="Register successful!";
    }
    echo "<div id='box'>".$message."</div>";
}
?>
<form method="post" action="">
    <input type="text" name="username" /><br>
    <input type="password" name="password" /><br>
    <input type="submit" name="submit" value="Sign Up">
</form>
Raviranjan Mishra
0

Your insert query is wrong, use:

INSERT INTO tablename (col1, col2) VALUES('data1', 'data2' )

Or you can use

INSERT INTO tablename SET col1 = "data1", col2 = "data2"
Gus de Boer
0

You are having an issue because you are misusing empty()

A variable is considered empty if it does not exist or if its value equals FALSE

Also you should use double-pipes || for or in your if()

This:

if(empty($username) or empty($password)){

Should be:

if($username === '' || $password === ''){
MonkeyZeus
  • Hi, I just did that, and tried it but as I said in the question, the area is going blank, so still no error message, is there any way to solve this? – poseidon Feb 22 '14 at 17:25