Form information is not updating to my Database

Question

I have been stuck on this for 3 days now and any help would be very much appreciated. Please note that i have the php and html in one page for now until i get it working then once it has been fixed i will place the php connection script into its usual folder. when I get onto the sign up page i can see that i am connected to my and i can fill out my form and submit it without any errors, however the database will not be updated and when i refresh the database no new users are found. Below is my code so far if anyone could show me what i am doing wrong or where i could improve to fix this error i would be trully thankfull. Thank you in advance!

<?php
    $host="localhost";
    $dbuser="root";
    $pass="********";
    $dbname="amsadler";
    $con = mysqli_connect ($host, $dbuser, $pass, $dbname);
    if (mysqli_connect_errno ())
    {
        die ("Connection Failed!" . mysqli_connect_error());
    }
    else
    {
    echo "Connected to database {$dbname} ";
    }

    if(isset($_POST['submit']))
    {
        $fname = mysqli_real_escape_string($con, $_POST ['fname']);
        $lname= mysqli_real_escape_string($con, $_POST ['lname']);
        $email= mysqli_real_escape_string($con, $_POST ['email']);
        $pswrd= mysqli_real_escape_string($con, $_POST ['pswrd']);

        $sql = $con->query("INSERT INTO users ( fname, lname, email, pswrd,)
                    VALUES ( ' {$fname} ' , ' {$lname} ' , ' {$email} ' , ' {$pswrd} ' )");

    }
?>


<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Signup</title>
    <meta charset="utf-8">
    <meta name="description" content="description of webpage">
    <meta name="keywords" content="keywords go here">
    <meta name="author" content="amsadler">
    <link rel="stylesheet" href="css/style.css">
    <link rel="stylesheet" href="css/signup.css">
    <link rel="index" href="index.php">
    <link rel="icon" href="img/favicon.png" sizes="16x16" type="image/png">
</head>
<body>

    <div class="header">
        <div id="logo">
                <a href="index.php"><img src="img/logo.png" alt="logo" title="blah blah"/></a>
        </div>
    </div>

     <div id="signupform">
        <form method="post"><br>
            <input type="text" id="fname" name="fname" placeholder="First name">
            <input type="text" id="lname" name="lname" placeholder="Last name"><br><br>
            <input type="text" id="email" name="email" placeholder="Email address">
            <input type="password" id="pswrd" name="pswrd" placeholder="Password"><br><br>
            <input id="button" type="submit" value="Submit">
        </form>
    </div>

<?php
    include ("inc/footer.php");
?>

</body>
</html>

score 1 · Accepted Answer · edited Mar 17 '17 at 13:14

There are a few problems here.

One of them being with your conditional statement:

if(isset($_POST['submit'])){...}

Nothing in there will fire up because of a missing name attribute "submit".

Name your submit button:

<input name="submit" id="button" type="submit" value="Submit">
       ^^^^^^^^^^^^^

Then a trailing comma in your query:

( fname, lname, email, pswrd,)
                            ↑

remove it

( fname, lname, email, pswrd)

Add or die(mysqli_error($con)) to mysqli_query()

Using error checking on the query will have shown another syntax error soon as you would name the submit button:

http://php.net/manual/en/mysqli.error.php

No errors you say? You're most likely not checking for them or your system isn't setup for it and to display them.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

It would have signaled an undefined index submit notice.

In order to make absolutely sure that it was a successful query, use affected_rows().

http://php.net/manual/en/mysqli.affected-rows.php

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

Make sure that if and when you do use a safe hashing method, that your password column is long enough to hold the hash.

A safe bet is VARCHAR(255) which PHP.net recommends on using. Details are listed on their website.

http://www.php.net/manual/en/function.password-hash.php

Man thank you so much I am new at this and i am using notepadd++ i did not see see the ( fname, lname, email, pswrd,) and i named submit ↑ It is working now I am learning on youtube how to do this and when i get stuck i come here for proffesional advice if i cannot fix it! thanks again man may you have an awesome day. — Anthony Sadler, Aug 08 '15 at 21:18
@AnthonySadler You're most welcome Anthony and was glad to have been of help, *cheers* and you have a great day too, thanks. — Funk Forty Niner, Aug 08 '15 at 21:19
thanks on the crypt blowfish aswell I have not got that far yet i am currently watching this series on youtube. https://www.youtube.com/watch?v=InmQaOENDhA and learning as i go — Anthony Sadler, Aug 08 '15 at 21:27
@AnthonySadler You're welcome. You may want to have a look at one of ircmaxell's answer here on Stack http://stackoverflow.com/a/29778421/ it uses PDO with prepared statements and both versions of password_hash(). The PDO method can easily be converted to mysqli_ with prepared statements. — Funk Forty Niner, Aug 08 '15 at 21:28

Form information is not updating to my Database

1 Answers1