-2

I finally got my registration page to work with no errors but now when I submit the form I just get a blank page with no errors whatsoever. The output should be a message, then I check the database and it's still an empty set. Can anyone tell me where I am going wrong/how to fix?

Here is the code:

<?php
require_once __DIR__.'/config.php';

if($_POST[ 'username' ]!="") {
$username =($_POST["username"]);
$email =($_POST["email"]);
$password =($_POST["password"]);

$sql = "insert into users set username='".$username."', email='".$email."', password='".md5($password)."' ";
$sql =($sql);



$msg = 'Thank you for completing your online registration form!.';
}else{
$msg = "Registration failed";
}  

?>

EDIT: (Based on Yuva Raj's answer)

require_once __DIR__.'/config.php';
session_start();

$connection = mysqli_connect(DB_HOST,DB_USERNAME,DB_PASSWORD,DB_DATABASE);

if(isset($_POST['submit']))
{
    $username = $_POST["username"];
    $email = $_POST["email"];
    $password = $_POST["password"];

    $sql = "insert into users set username='".$username."', email='".$email."', password='".$password."' ";
    $result = mysqli_query($connection, $sql);

    if($result)
    {
        echo "successfully inserted";
    }
    else
    {
        echo "failed";
    }
}

I have made some edits but it is still displaying blank and not entering anything to the database. I do understand I need to make it more secure, however, for the moment, I just want something to enter so I know it's working.

stark
  • 1
    Well is the error reporting turned on on the server? – Naruto Apr 15 '15 at 09:14
  • 1
    You are not executing any query but if you would, you would have an sql injection problem. You should switch to a prepared statement. What are you using, PDO or mysqli? And don't use `md5()` for passwords: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – jeroen Apr 15 '15 at 09:15
  • Ok thanks, I shall have to investigate executing with PDO, this is quite new for me so I just wanted to make sure I had the basics. – stark Apr 15 '15 at 09:42

4 Answers

3

After

$sql = "insert into users set username='".$username."', email='".$email."', password='".md5($password)."' ";

you should add,

$result = mysqli_query($connection, $sql);

to execute.

Full code :

$connection = mysqli_connect("localhost","username","password","databasename");

if(isset($_POST['submit'])) // checks if form is submitted
{
    $username = $_POST["username"];
    $email = $_POST["email"];
    $password = $_POST["password"];

    // use mysqli_real_escape_string for $username, $email, $password to escape special characters

    $sql = "sql query comes here";
    $result = mysqli_query($connection, $sql);

    if($result)
    {
        echo "successfully inserted";
    }
    else
    {
        echo "failed";
    }
}

EDIT :

Try an insert query like,

$query = "INSERT INTO `$table_name` (`username`, `email`,`password`) VALUES ('$username', '$email', '$password')";

Change your table_name, column names based on your need.

Yuva Raj
  • Does it make a difference that my connection is made using a config file? So I don't have the $connection statement. – stark Apr 15 '15 at 09:43
  • Nope. If you have some connection variable in the config file and you do that connection stuff there, then you don't need to do it here. Simply include the config file and mention your connection variable as the first parameter to `mysqli_query`. – Yuva Raj Apr 15 '15 at 09:45
  • I have made an edit based on the answer you gave, it's still displaying blank, is there something I have done incorrectly, it still does not work. – stark Apr 15 '15 at 10:14
  • Have an `echo` query between codes and see where the code stops. Check out my EDIT. – Yuva Raj Apr 15 '15 at 10:37
  • I actually just tried using PDO and got it to work, I'll make an update. – stark Apr 15 '15 at 10:45
  • PDO isn't foolproof, you have to use it correctly; check out the PHP manual in that regard, and also check out how to get your POST and GET data with filter_input and filter_input_array, also in the PHP manual. Validation and sanitization doesn't stop there, it's a multi-pronged process: user -> validate and sanitize -> send to database, and then database -> validate and sanitize (for where it's being used) -> put to use. – CodingInTheUK Apr 20 '15 at 21:35
1

You also have to echo your message.

BTW, your approach is totally open to SQL injection.

Marco Bernardini
1

Your problem is you lack any form of execution in the given example.

You can use PDO; start with this tutorial: http://www.mysqltutorial.org/php-querying-data-from-mysql-table/

I would also look up PHP Classes tutorial, Preventing SQL Injection, Basic PHP OOP and PHP Sessions Tutorial. You may find that this can be implemented more easily with a PHP framework but it's better to have a handle on what is happening if you intend to do any code work.

CodingInTheUK
0

I used Yuva Raj's answer to amend my code then used the tutorial from Chris and came up with working code. It still needs more security added but it's a start.

require_once __DIR__.'/config.php';
session_start();

$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);

$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];

$stmt = $dbh->prepare("insert into users set username='".$username."', email='".$email."', password='".$password."' ");
$stmt->execute();
echo "<p>You are registered!</p>";
stark
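
Added example, not code from any of the posts above: the same registration insert written with bound PDO parameters, `password_hash()` instead of `md5()` or plain text, and exceptions enabled so a failed query cannot end in a silent blank page. The helper name `register_user`, the in-memory SQLite stand-in and the sample input are assumptions made so the script runs offline; the `users` columns and the `DB_*` constants are the ones shown in the question.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): validates input, hashes the
// password, and inserts with bound parameters instead of concatenation.
function register_user(PDO $dbh, array $input): string
{
    $username = trim((string)($input['username'] ?? ''));
    $email    = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = (string)($input['password'] ?? '');

    if ($username === '' || $email === false || $password === '') {
        return 'Registration failed';
    }

    // password_hash() salts and uses a slow algorithm; md5() does neither.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Placeholders keep user data out of the SQL text entirely.
    $stmt = $dbh->prepare(
        'INSERT INTO users (username, email, password) VALUES (:username, :email, :password)'
    );
    $stmt->execute([':username' => $username, ':email' => $email, ':password' => $hash]);

    return 'Thank you for completing your online registration form!';
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
// With MySQL the DSN would be
// 'mysql:host=' . DB_HOST . ';dbname=' . DB_DATABASE . ';charset=utf8mb4'.
$dbh = new PDO('sqlite::memory:');
// Throw on SQL errors so a failed query is never a silent blank page.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT, password TEXT)');

// Constructed input; the apostrophe would break a concatenated query string.
$post = ['username' => "O'Brien", 'email' => 'obrien@example.com', 'password' => 'correct horse'];

try {
    echo register_user($dbh, $post), PHP_EOL;
    $row = $dbh->query('SELECT username, password FROM users')->fetch(PDO::FETCH_ASSOC);
    echo $row['username'], ' stored; login check: ',
        var_export(password_verify('correct horse', $row['password']), true), PHP_EOL;
} catch (PDOException $e) {
    error_log($e->getMessage());   // log details, show the user a generic message
    echo 'Registration failed', PHP_EOL;
}
```

Calling `prepare()` on a string that already has the user input concatenated into it gives none of this protection; the values have to travel separately through `execute()` or `bindValue()`.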