-2

My PHP page inserts blank fields into my database. I am using multiple forms to get my information and the database is still receiving and displaying blank data. Please can some one help.

My code for the PHP is:

<div id="User_username_input">

    <div id="User_username_inputleft"></div>

    <div id="User_username_inputmiddle">
    <form action='VerifyLogin.php' method='post'>
        <input type="text" name="username" id="url" value="User Name" onclick="this.value = ''">
        <img id="User_url_user" src="./images/mailicon.png" alt="">
    </form>
    </div>

    <div id="User_username_inputright"></div>

</div>


<div id="submit">
    <form action='VerifyLogin.php' method='post'>
    <input type="image" src="./images/submit_hover.png" id="submit1" value="fign In">
    <input type="image" src="./images/submit.png" id="submit2" value="Sign In">
    </form>
</div>

The page that post this data to the database is shown below:

<?php

include("verifyconect.php");

$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];

$insert = 'INSERT INTO verify (username, email, password, confirm_password) VALUES ("'.$username.'", "'.$email.'", "'.$password.'", "'.$confirm_password.'")';

mysql_query($insert);

echo "You have verified your details, Thank you";

?>

verifyconnect.php links the information to the database, so the code for it is not important. Please any help would be appreciated.

Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
Ikenna Ezindu
  • 11
  • 4
  • 5
    You've posted your HTML twice rather than the PHP. – Andy G May 17 '14 at 15:30
  • Even if it's not the `onclick="this.value = ''"` part that's causing it, it would be much better to use the [`placeholder`](http://davidwalsh.name/html5-placeholder) attribute instead. – JJJ May 17 '14 at 15:30
  • 3
    You should rewrite this completely. Now you have an sql injection problem, you are using deprecated database functions and you are storing a plain-text password. – jeroen May 17 '14 at 15:34
  • except username you dont have any other values in form – ɹɐqʞɐ zoɹǝɟ May 17 '14 at 15:38
  • Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` – Funk Forty Niner May 17 '14 at 15:39
  • By the way, you're using two forms using the same action; which one is it? – Funk Forty Niner May 17 '14 at 15:40
  • You have SQL injection as the client can input anything they want to the database via. the $_POST['someVariable'] and you are using a deprecated mysql_* api. Search either and you will be awarded with code to refactor. After refactor you will feel much better and anyone looking at the code will not be distracted by it. The issue you are trying to solve is minor compared with the problems the security holes and use of deprecated mysql_* functions inforce. – Ronni Skansing May 17 '14 at 15:41
  • 1
    @jeroen Not just storing the plain-text password once, but *twice* for good measure! – nobody May 17 '14 at 16:44

1 Answers1

0

The most fundamental problem is you are using 2 forms when only one is needed. All elements must be placed in the single form for them to be sent via POST correctly. So change your HTML to this:

<div id="User_username_input">

    <div id="User_username_inputleft"></div>

    <div id="User_username_inputmiddle">
    <form action='VerifyLogin.php' method='post'>
        <input type="text" name="username" id="url" value="User Name" onclick="this.value = ''">
        <div id="submit">
          <input type="image" src="./images/submit_hover.png" id="submit1" value="fign In">
          <input type="image" src="./images/submit.png" id="submit2" value="Sign In">
        </div>
        <img id="User_url_user" src="./images/mailicon.png" alt="">
    </form>
    </div>

    <div id="User_username_inputright"></div>

</div>

The explanation using your code boils down to this. Removing your DIV’s for clarity.:

<form action='VerifyLogin.php' method='post'>
    <input type="text" name="username" id="url" value="User Name" onclick="this.value = ''">
</form>

<form action='VerifyLogin.php' method='post'>
  <input type="image" src="./images/submit_hover.png" id="submit1" value="fign In">
  <input type="image" src="./images/submit.png" id="submit2" value="Sign In">
</form>

Look at the two form areas. If you hit submit then it only parses the values in that second form which only has submit buttons. The first form with the username lives in it’s own separate world that will never be summated since it has 100% no submit button.

But past that your code is a mess & needs a lot of refactoring. Also—and I bet I will not be the only one saying this—but you should replace all your calls using mysql_* extensions to mysqli_* extensions since not only is mysql_* depreciated as of PHP 5.3, but is completely gone in PHP 5.5. More details here.

Community
  • 1
  • 1
Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
  • I have ammended the code, and made it a single form page. But the error remains please what else can i do to get it sorted. What do you mean by replace all my calls please? – Ikenna Ezindu May 17 '14 at 16:29
  • @IkennaEzindu I have helped as best I can. But regarding this, “What do you mean by replace all my calls please?” You are using commands that will no longer work in future PHO versions. You should replace all your calls using `mysql_*` extensions to `mysqli_*` extensions since not only is `mysql_*` depreciated as of PHP 5.3, but is completely gone in PHP 5.5. More details here: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – Giacomo1968 May 17 '14 at 16:31
  • 1
    Thanks @JakeGould, your suggestion works, i deleted the other submit and it works now..Many thanks. – Ikenna Ezindu May 17 '14 at 16:36