The form and code work without any problems, but the form data does not insert into the database for some reason. I have already tried changing the INSERT INTO part but it does not work.

```php
if ($_POST['submit']){

    if (!$_POST['email']) $error.="<br />please enter your email";
    else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) $error.="<br />please enter valid email address";

    if(!$_POST['password']) $error.="<br />please enter your password";
    else {
        if(strlen($_POST['password'])<8) $error.="<br />please enter password with 8";
        if (!preg_match('`[A-Z]`', $_POST['password'])) $error.="<br />please include at least one captial letter";
    }

    if ($error) echo "<br />There were errors in your singup details".$error;
    else{
        $link = mysqli_connect("localhost", "root", "root", "test");
        $query="SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $_POST['email'])."'";
        $result = mysqli_query($link,$query);
        $result = mysqli_num_rows($result);

        if ($result) echo"That email already resgitered";
        else{
            $query= "INSERT INTO `users` (`email`, `password`) VALUES ('".mysqli_real_escape_string($_POST['email'])."','".md5(md5($_POST['email'].$_POST['password']))."')";

            mysqli_query($link, $query);
            echo "Signed up!";
        }
    }
}
```
  • **WARNING**: When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). You also **urgently** need to read up on [proper password handling procedures](http://www.phptherightway.com/#security) because using MD5 is an automatic fail on even the most cursory of audits. – tadman Nov 25 '14 at 18:22
  • This is so wrong `'".md5(md5($_POST['email'].$_POST['password']))."'` - Add `or die(mysqli_error($link))` to `mysqli_query()`. – Funk Forty Niner Nov 25 '14 at 18:26
  • Also add error reporting to the top of your file(s) right after your opening ` – Funk Forty Niner Nov 25 '14 at 18:28
  • If you add hard values to the query, does the script insert the values into the database? – JuanSedano Nov 25 '14 at 18:30
  • How do you expect users to login with their email address being MD5'd? You're going to have to rethink this. – Funk Forty Niner Nov 25 '14 at 18:34
  • Please do not ever use MD5 for hashing passwords. [Use bcrypt.](http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php) For more information on security, try visiting the [Security Stack Exchange](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure/19908#19908) –  Nov 25 '14 at 18:37
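
The points raised in the comments above (bound parameters instead of string concatenation, surfacing query errors, and a real password hash instead of MD5) combined into one sign-up routine. This is an added example, not code from anyone in the thread; the function name `register_user()` is hypothetical, and it assumes the `users` table from the question with a `password` column wide enough for the hash (for example `VARCHAR(255)`).

```php
<?php
// Added example, not the poster's code. register_user() is a hypothetical name;
// assumes `users`.`password` is wide enough for a hash, e.g. VARCHAR(255).

// Make mysqli throw exceptions, so a failed INSERT (for example one rejected
// under STRICT_TRANS_TABLES) is never reported as "Signed up!".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $link, string $email, string $password): string
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return "please enter valid email address";
    }
    if (strlen($password) < 8 || !preg_match('/[A-Z]/', $password)) {
        return "password needs at least 8 characters and one capital letter";
    }

    // User input is bound as a parameter, never concatenated into the SQL text.
    $stmt = $link->prepare("SELECT 1 FROM `users` WHERE `email` = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if ($exists) {
        return "That email is already registered";
    }

    // password_hash() generates a per-user salt; PASSWORD_DEFAULT is currently bcrypt.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $link->prepare("INSERT INTO `users` (`email`, `password`) VALUES (?, ?)");
    $stmt->bind_param("ss", $email, $hash);
    $stmt->execute(); // throws mysqli_sql_exception if the row is rejected
    $stmt->close();
    return "Signed up!";
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $link = mysqli_connect("localhost", "root", "root", "test");
        echo register_user($link, $_POST['email'] ?? '', $_POST['password'] ?? '');
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // full error goes to the log, not the page
        echo "Sign-up failed, please try again later";
    }
}
```

At login, fetch the stored hash by email with the same kind of prepared statement and check it with `password_verify()`.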

2 Answers

Try with this:

```php
$query = sprintf("INSERT INTO `users` (`email`, `password`)
                            VALUES ('%s', '%s')"
              ,mysqli_real_escape_string($link,$_POST['email'])
              ,mysqli_real_escape_string($link,md5(md5($_POST['email'].$_POST['password']))));
mysqli_query($link, $query);
```

Hope it works for you.

JuanSedano
  • I found a solution by opening phpmyadmin, going to the 'More' tab and selecting the 'Variables' submenu. Scroll down to find sql mode. Edit sql mode and remove 'STRICT_TRANS_TABLES'. Save it. Thanks – user4258493 Nov 25 '14 at 18:47

In phpmyadmin, go to More settings, then from there click on Variables, then scroll to sql mode and remove 'STRICT_TRANS_TABLES'. Save it.