Passing data into database with PHP

Question

I am new to programming.

Today, I started learning some mysqli so I can make a login form for my "practising site", but I have a problem. If you check down the code you will understand what I want to do.

So any help? Because this doesn't work. It doesn't pass the data I enter in the form. And, is that a correct way to do it and if no which way is more professional? Thanks in advance.

<form action = "<?php $_PHP_SELF ?>" method ="POST">
 Username: <input type ="text" name = "username"/> </br>
 Password: <input type ="password" name = "password"/> </br>
 Email: <input type = "text" name = "email"/> </br>
 <input type = "button" value = "Submit"/> 
</form>

<?php

ini_set('display_errors', '1');

   $dbhost = 'localhost';
   $dbuser = 'root';
   $dbpass = ''; 
   $dbname = 'dbtesting';
   $username = $_POST["username"];
   $password = $_POST['passsword'];
   $email = $_POST['email'];

   $query = "INSERT INTO mywebpageusers (username, password, email)
             VALUES ('$username', '$password', '$email')";

   $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);

   if($conn->connect_error > 0)
   {
    die ('Could not connect to database [' . $conn->connect_error . ']');
   }
   echo 'Connected succesfully!!';

  $conn->query($query);

?>

1. You never execute your query 2. You are wide open to [sql injections](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — John Conde, Nov 17 '15 at 02:09

score 1 · Accepted Answer · answered Nov 17 '15 at 02:44

You have some errors:

Forgot the function "echo"
$_PHP_SELF is not a PHP variable, it should be $_SERVER['PHP_SELF'], it's better if you use $_SERVER['SCRIPT_NAME'].
Wrong submit button's type: type="submit"

"$conn->connect_error" is a string, when you compared with 0, it will become 0 => (0 > 0) will return false, so the function "die" never execute

 <form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">
 Username: <input type ="text" name = "username"/> </br>
 Password: <input type ="password" name = "password"/> </br>
 Email: <input type = "text" name = "email"/> </br>
 <input type = "submit" value = "Submit"/> 
</form>

<?php

ini_set('display_errors', '1');

   $dbhost = 'localhost';
   $dbuser = 'root';
   $dbpass = '';
   $dbname = 'dbtesting';
   $username = $_POST['username'];
   $password = $_POST['passsword'];
   $email = $_POST['email'];

   $query = "INSERT INTO mywebpageusers (username, password, email)
             VALUES ('$username', '$password', '$email')";

   $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
   var_dump($conn->connect_error); //You can debug variables by var_dump function
   if ($conn->connect_error) {
       die('Could not connect to database ['.$conn->connect_error.']');
   }
   echo 'Connected succesfully!!';

  $conn->query($query);

?>

Hope this help. This code is enough for practise.

Only by changing the "button" type into submit it worked :P (omg these programming mistakes :P ) but yea thanks for the rest help and also with a little reasearch i see that idd my code is vulnerable to attacks..Many things to learn :P — Thanagor, Nov 17 '15 at 13:56

score 0 · Answer 2 · answered Nov 17 '15 at 06:29

You have to check whether the form is submitted or not. But you code is vulnerable

<?php

            ini_set('display_errors', '1');

               $dbhost = 'localhost';
               $dbuser = 'root';
               $dbpass = ''; 
               $dbname = 'dbtesting';

              if(isset($_POST['submit'])){

               $username = $_POST["username"];
               $password = $_POST['passsword'];
               $email = $_POST['email'];

               $query = "INSERT INTO mywebpageusers (username, password, email)
                         VALUES ('$username', '$password', '$email')";

               $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);

               if($conn->connect_error > 0)
               {
                die ('Could not connect to database [' . $conn->connect_error . ']');
               }
               echo 'Connected succesfully!!';

              $conn->query($query);
        }

            ?>       

            <form method ="POST">
               Username: <input type ="text" name = "username"/> </br>
               Password: <input type ="password" name = "password"/> </br>
               Email: <input type = "text" name = "email"/> </br>
               <input type = "submit" name="submit" value = "Submit"/> 
            </form>

Passing data into database with PHP

2 Answers2