I want to insert item into my database, but it seems cannot insert into it, here is my code, anyone know the reason?

Question

I want to insert item into my database, but it seems cannot insert into it, here is my code, anyone know the reason ?

after the submission, I check my table 'info', it also nothing changed.

https://i.stack.imgur.com/z9rxI.jpg

this is the front-end of signup page, and the test.php after the submission

Your question contains an "image of". Don't be lazy. Post your code and the HTML form that goes with this. *Drives me crazier than I already am*. — Funk Forty Niner, Nov 04 '15 at 04:31
sorry, that's my first time use stackoverflow, I think I uploaded image with the question already. — Joye, Nov 04 '15 at 04:34
What error are you getting? also post a screenshot of the page with `var_dump($_POST)` outputted to it so we can see the input data — Memor-X, Nov 04 '15 at 04:35
I've got my money on http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index — Funk Forty Niner, Nov 04 '15 at 04:36
I'm trying to output data in the new page, but it always shows blank. — Joye, Nov 04 '15 at 05:15

score 1 · Answer 1 · answered Nov 04 '15 at 04:38

You do not have ' wrapped around your key accessors on your $_POST variables that you pass directly to the query function (which you shouldn't...see below). However instead of showing you how to correct that, I will instead show you how to secure yourself from SQL injection a bit better.

As it stands, you're super vulnerable to SQL injection by simply allowing the user to post data directly to your database. Instead use a prepared statement to combat this particular case.

$stmt = $mysqli->prepare('INSERT INTO info(username, password, first_name, last_name, location, email, pwv) VALUES(?,?,?,?,?,?,?)');
$stmt->bind_param('sssssss',
    $_POST['username'],
    $_POST['password'],
    $_POST['firstname'],
    $_POST['lastname'],
    $_POST['location'],
    $_POST['email'],
    $_POST['pwv']);
$stmt->execute();
$stmt->store_result();

if( count( $stmt->num_rows ) > 0 ) {
    //this is success
}

score 0 · Answer 2 · answered Nov 04 '15 at 04:39

Set your $_POST to variables:

$username = $_POST['username'];
$password = $_POST['password'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$email = $_POST['email'];
$pwd = $_POST['pwv'];

$sql = "INSERT INTO info(username, password, first_name, last_name, location, email, pwv)
VALUES('$username','$password','$first_name','$last_name','$location','$email','$pwv');

score 0 · Answer 3 · answered Nov 04 '15 at 06:10

<?php 
    $servername = "localhost"; 
    $username = "username";
    $password = "password";
    $dbname = "database";

    $conn = mysql_connect($servername,$username,$password)or die(mysql_error());
    mysql_select_db($dbname,$conn);

    $sql = mysql_query("INSERT INTO `info` (`username`,`password`,`first_name`,`last_name`,`location`,`email`,`pwv`)
            VALUES('".$_POST['username']."','".$_POST['password']."','".$_POST['firstname']."','".$_POST['lastname']."','".$_POST['location']."','".$_POST['email']."','".$_POST['pwv']."')")or die(mysql_error());
?>

I want to insert item into my database, but it seems cannot insert into it, here is my code, anyone know the reason?

3 Answers3