-2

I've created a registration form using html and css and now I want to submit the data entered by the user into mysql database.

HTML Form Code:

<form method="post" name="newuser_frm" onSubmit= "return validate();" action="reg.php">                </p>
<p>
   first name*:<br><input type="text" name="firstname">
   last name*:<br> <input type="text" name="lastname">
    <br>
   new username*:<br><input type="text" name="newusername">
    <br>
   new password*:<br><input type="password" name="newpassword">
    <br>
   Email*:<br><input type="email" name="email">
    <br><br>
   Sex*:<br>
    <input type="radio" name="sex" value="male">Male
    <input type="radio" name="sex" value="female">female
    <br><br>
   <input type="submit" value="REGISTER">
    <br><br>
   (*)All fields are mandatory</p>
</form>

PHP Code:

<?php
include"config.php";
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['newusername'];
$password=$_POST['newpassword'];
$email=$_POST['email'];
$query="INSERT into user (username,password,firstname,lastname,email)           VALUES('$username','$password','$firstname','$lastname','$email')";
mysql_query($query);
?>

I have no errors but also no records on the database, and I didn't see any errors. Could you help me detect the error or find the problem?

sanon
  • 6,403
  • 2
  • 21
  • 26
Akshay Aggarwal
  • 237
  • 1
  • 12
  • 1
    Does config.php connect to the database? – Emily Shepherd Apr 02 '14 at 15:14
  • 2
    You get no errors because you aren't checking for them – Hanky Panky Apr 02 '14 at 15:14
  • 2
    Don't use `mysql_` functions (deprecated). Try using PDO with prepared statements to prevent SQL injections. – Brewal Apr 02 '14 at 15:14
  • 1
    A quick debug : before your `mysql_query()` : `echo $query; exit();` then copy/paste your query into phpmyadmin. You will get your error. – Brewal Apr 02 '14 at 15:16
  • @CD001 Obviously it is, but don't you ever wrote this kind of code at your beginnings ? ;) – Brewal Apr 02 '14 at 15:22
  • **By building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. [This question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. You can also see http://bobby-tables.com/php for alternatives and explanation of the danger. – Andy Lester Apr 02 '14 at 15:24
  • @Brewal - honestly, my HTML was never that "messy" - ever. My first PHP was probably not a whole load better but StackOverflow didn't exist when I first moved to web code so, y'know, I did it the old fashioned way and actually read stuff. – CD001 Apr 02 '14 at 15:26
  • Your DB connection wouldn't happen to be `mysqli_*` based now, would it? If so, `mysqli_*` and `mysql_*` functions don't mix; which may very well be the issue. Check your table's column names as well. Make sure you don't have `first name` instead of `firstname` etc. If your DB connection is `mysqli_*` then change `mysql_query($query);` to `mysqli_query($query);` --- You also have radio buttons that you're not using in your query, so I don't know why you're using it in the first place. – Funk Forty Niner Apr 02 '14 at 15:27
  • You can also try changing `` to `` which I have seen in certain cases didn't work on certain browsers. This `onSubmit= "return validate();"` could also be at play. If you don't have the JS `validate()` function to go with it, remove it. – Funk Forty Niner Apr 02 '14 at 15:33
  • If you're waiting on some ***Magical Answer*** to just appear and to fix your problem, forget it. Work with us here. – Funk Forty Niner Apr 02 '14 at 16:16
  • sorry for the messed up code guys. Iam a beginner:) – Akshay Aggarwal Apr 03 '14 at 09:11
  • @fred-ii- it was mysqli_* so i changed mysql_query to mysqli_query but now iam getting error "mysqli_query() expects atleast 2 parameters 1 given in 'path of file'". – Akshay Aggarwal Apr 03 '14 at 09:18
  • @fred-ii- And yes i have a validate()function to go with. – Akshay Aggarwal Apr 03 '14 at 09:19
  • can anyone tell me how to get value from radio buttons to enter in the database? – Akshay Aggarwal Apr 03 '14 at 09:29
  • @user3489970 Depending on what your DB connection variable is, you'd need to do something like `mysqli_query($con,$query);` – Funk Forty Niner Apr 03 '14 at 14:21
  • I posted an answer for you below. If this resolved the problem, click the white checkmark (with grayed outline) next to my answer till it turns Green in order to close the question and mark as accepted. @user3489970 – Funk Forty Niner Apr 03 '14 at 14:51

1 Answers1

0

Since my hunch was correct about the DB connection being mysqli_* based, and OP confirms this.

Assuming your DB connection variable is $con

change:

mysql_query($query); to mysqli_query($con,$query);

mysqli_* and mysql_* functions do not mix together.

Or replace the xxx with your credentials using the code below:

<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');

$con = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");

$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['newusername'];
$password=$_POST['newpassword'];
$email=$_POST['email'];
$query="INSERT into user (username,password,firstname,lastname,email) VALUES ('$username','$password','$firstname','$lastname','$email')";
mysqli_query($con,$query);
?>

To catch errors, place the following line of code before your DB connection code:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

Adding the radio button value to your DB

In order to get the value of the radio button inserted in your DB, you will need to add a column in your table, something to the effect of "gender", then add this to your code:

$gender=$_POST['sex'];

and change your query to this: (I used gender as the column name)

$query="INSERT into user (username,password,firstname,lastname,email,gender) VALUES ('$username','$password','$firstname','$lastname','$email','$gender')";

Sidenote: Your present code is open to SQL injection.

I recommend you use prepared statements, or PDO

  • An example of preparing and binding for mysqli_ can be found HERE.

To add a bit of protection to your present code, change this line:

$firstname=$_POST['firstname'];

to:

$firstname = mysqli_real_escape_string($con,$_POST["firstname"]);

and do the same for the others. Again, assuming your DB connection variable is $con.

Since you are just beginning to get into coding:

Here are a few tutorials on prepared statements that you can study and try:

Here are a few tutorials on PDO:

Passwords

I also noticed that you are storing passwords in plain text. This is not recommended.

Use one of the following:

Other links:

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141