0

I want to insert a record into the database, but I don't know where the problem is. This is my code:

 <?php

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $status = "";
    $name = $_POST['name'];
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST[$password];

    $query = "INSERT INTO admins (name, email, username, password) ";

    $query .= "VALUES ('{$name}','{$email}','{$username}','{$password}')";

    $result = mysqli_query($connect , $query);

    if (isset($result)){
        $status = "Admin has been added";
    }else {
        $status = "Admin hasn't been added ";
    }
}
?>

<form action="add_user.php" method="post">
    <h3>Name</h3>
    <input name="name" placeholder="Name">
    <h3>Username</h3>
    <input name="username" placeholder="Username">
    <h3>E-mail</h3>
    <input name="email" placeholder="E-mail">
    <h3>Password</h3>
    <input name="password" placeholder="Password" id="password" type="password">
    <h3>Confirm Password</h3>
    <input name="confirm_pass" placeholder="Confirm Password" id="confirm_password" type="password" onkeydown="ValidatePass()">
    <p id="pass_state"></p>
    <div id="btn">
        <input type="submit" value="Create User dis" disabled>
    </div>
    <h4 style="color: orangered"><?php ?></h4>
</form>  

I know that there might be SQL injections! Don't worry about that, that's only for local development and learning purposes :D

Please help!

Bouzaid
  • 3
    Not might, definitely are SQL injections. Anyway, your '$connect' doesn't appear to be set anywhere. – samlev Aug 25 '15 at 16:33
  • 1
    You're assuming everything will work without doing any error checking. At a minimum add error checking, such as `or die(mysqli_error())` to your queries. Or you can find the issues in your current error logs. – Jay Blanchard Aug 25 '15 at 16:34
  • You're also storing user passwords in plain text, which is just about one of the worst things you can do to your users. User passwords should be obscured with a 1-way hash and *never* retrievable by *anybody*. (Not even you as the database owner.) Given that this "is for learning purposes" then this is a **great** opportunity to learn about password hashing, SQL injection, and error handling. – David Aug 25 '15 at 16:36
  • This line is *probably* causing an error: `$password = $_POST[$password];` – David Aug 25 '15 at 16:37
  • Yes, indeed the problem is in `$password = $_POST[$password];` – Bouzaid Aug 25 '15 at 17:50

1 Answer

-1

First of all, change this line

$password = $_POST[$password];

to this

$password = $_POST['password'];

Then check your connection string; it works fine for me.

Mohammed Elhag
  • Oh God! Didn't notice that!! I've tried to analyse the code and spot the problem, but as you know... Thank you for mentioning it – Bouzaid Aug 25 '15 at 17:49
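
The points raised in the comments and the answer (the literal `'password'` key, a connection that is actually set, error checking, a parameterised query and a one-way password hash) combined into one handler. This is an added example, not code from the thread; the function name `add_admin` and the connection parameters are assumptions, while the `admins` table and the form field names come from the question.

```php
<?php
// Added example, not code from the thread. Host, user, password and database
// name are placeholders; the admins table and form fields are from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function add_admin(mysqli $connect, array $post): string
{
    // Read every field by its literal form name; anything missing becomes ''.
    $f = [];
    foreach (['name', 'email', 'username', 'password', 'confirm_pass'] as $key) {
        $f[$key] = is_string($post[$key] ?? null) ? $post[$key] : '';
    }
    foreach (['name', 'email', 'username'] as $key) {
        $f[$key] = trim($f[$key]);
        if ($f[$key] === '') {
            return 'All fields are required';
        }
    }
    if (!filter_var($f['email'], FILTER_VALIDATE_EMAIL)) {
        return 'Invalid e-mail address';
    }
    // The JavaScript check in the form is advisory; enforce it server-side too.
    if ($f['password'] === '' || $f['password'] !== $f['confirm_pass']) {
        return 'Passwords are empty or do not match';
    }

    // One-way hash: the plain-text password never reaches the database.
    $hash = password_hash($f['password'], PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $connect->prepare(
        'INSERT INTO admins (name, email, username, password) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $f['name'], $f['email'], $f['username'], $hash);
    $stmt->execute();

    // isset($result) is true even when the query fails; check the outcome itself.
    return $stmt->affected_rows === 1 ? 'Admin has been added' : "Admin hasn't been added";
}

$status = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        // Placeholder credentials (assumption): replace with your own.
        $connect = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
        $status = add_admin($connect, $_POST);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());          // details go to the log, not the page
        $status = "Admin hasn't been added";
    }
}
```

The `password` column must be wide enough for the hash; the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`. At login, compare with `password_verify()` rather than re-hashing and comparing strings.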