Input values aren't being stored in a MySQL database

Question

I've created a simple login form. I'm not able to store user input values at the back-end. Here's the full code for your reference:

dp.php

<?php
    $dbc = mysqli_connect('localhost', 'root', '', 'list') or trigger_error(mysqli_error());
    $first_name = $_POST['firstname'];
    $last_name = $_POST['lastname'];
    $email = $_POST['email_id'];
    $password = $_POST['password'];
    $query = "INSERT INTO login_list (first_name, last_name, email,password) VALUES ('$first_name', '$last_name', '$email','$password')";
    mysqli_query($dbc, $query) or trigger_error(mysqli_error($dbc));
    echo 'login created';
    mysqli_close($dbc);
?>

Could you post HTML code of your form which includes input named firstname, lastname, etc. ? — Aycan Yaşıt, Nov 25 '14 at 09:41
Your code is vulnerable to SQL-Injections, pls. also have a look at this post: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php/60496#60496 — MBaas, Nov 25 '14 at 09:44
mypage
Sign up
First Name Last Name
Password :
Email-Id :

@aycan yasit — Perumal Bs, Nov 25 '14 at 10:24

score 0 · Answer 1 · answered Nov 25 '14 at 09:45

0

remove single quote from php variable

$query = "INSERT INTO login_list (first_name, last_name, email,password) VALUES ($first_name, $last_name, $email,$password)";

answered Nov 25 '14 at 09:45

Rafiqul Islam

1,636
1
12
25

score 0 · Answer 2 · answered Nov 25 '14 at 09:46

if your data contain string that will put in "" or ''

 $query = "INSERT INTO login_list (first_name, last_name, email,password) VALUES 
     ('".$first_name."','".$last_name."', '".$email."','".$password."')";

i hope this will solve your problem if $_POST get correct data . you have to concat string at that time

Input values aren't being stored in a MySQL database

dp.php

Sign up

2 Answers2