MySQL&PHP - Invisible data? Wut?

Question

I´am trying to insert values into my MySQL from a form but it results in a white blank columns and nothing else in the table.

The first is manually inserted from SQL console:

My code:

<?php
$servername = "mysql1.000webhost.com";
$username = "a5287585_login";
$password = "********";
$dbname = "a5287585_login";
$nickname = $_POST['nickname'];
$pass = $_POST['password'];

// Vytvorenie pripojenia
$conn = new mysqli($servername, $username, $password, $dbname);

// Kontrola pripojenia
if ($conn->connect_error) 
{
   die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully ";

// Vloženie dát (Nick,ecc..)
$sql = "INSERT INTO UserDB (Name, Password) VALUES ('$nickname', '$pass')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

Thank you for every help.

EDIT Adding form

    <body background="IMG/login/bg.png" >
        <form method="POST" action="login.php">
        <center>
            <input type="image" name="submit" src="IMG/login/userimg.png" border="0" alt="Submit" id="button" />
        </center>
        <center>
            <p id="wcome">Welcome</p>
        </center>
        <center>    
            <div id="form"> 
                    <input id="nick" type="text" name="nickname" placeholder="   Nickname" />
                        <br>
                    <input id="pass" type="password" name="password" placeholder="    Password" />
                </form>
        </center>
            </div>

probably because your POST arrays are empty, who knows. You didn't post it. check for `empty()`'ness and alter your columns to not accept NULL/empty values. — Funk Forty Niner, Dec 18 '15 at 13:22
Debugging: try to check your query before execution. echo $sql = "INSERT INTO UserDB (Name, Password) VALUES ('$nickname', '$pass')";exit; check the result of this query and share or run through console. — devpro, Dec 18 '15 at 13:22
Have you checked if the $_POST is fulfilled with da data? Also you should define your table columns not null. — Keyne Viana, Dec 18 '15 at 13:23
Please post your form as well. As there might be issues with the form fields as well. Also try printing the post values as `print_r($_POST)` — Nehal, Dec 18 '15 at 13:24
@Jediah It's been well over 12 mins now, that I've posted an answer below. That should work. If it still doesn't check for errors with error reporting. That will tell you what's happening or not. — Funk Forty Niner, Dec 18 '15 at 13:47
I fear that you're not showing us your full/real codes here. Your site's form login PHP page is `
` and I get a 404. So you need to fix that. I get redirected to http://error404.000webhost.com/? - that is LOGIN code, not for an INSERT. So, again, you need to use the right page/codes. — Funk Forty Niner, Dec 18 '15 at 14:01
also, your HTML markup is incorrect (in the link you gave me below) and contains many errors. You have to fix that. Look at the HTML source (in Firefox), you will see many errors in red. Check for errors and look at the developer's console. There isn't much else I can do for you here, sorry. What I posted as an answer below, is good/valid code. Your question/code does not support the question/problem you are having. — Funk Forty Niner, Dec 18 '15 at 14:03

score 1 · Accepted Answer · edited May 23 '17 at 10:29

"are you using the form/PHP/SQL on the same page? – Fred -ii- 8 mins ago"
"I´m using form and PHP&MySQL on the same page. – Jediah 2 mins ago"

You're using your entire code inside the same page and is entering empty data immediately as the page is loaded.

You need to use conditional statements for it and checking if the POST arrays are not empty.

I.e.

if(!empty($_POST['nickname']) && !empty($_POST['password']) )
{ execute the insert and/or place your variables/POST arrays here }

Edit (example rewrite)

First, remove the following from where you have it now, and placed inside the conditional statements.

$nickname = $_POST['nickname'];
$pass = $_POST['password'];

and use:

if(!empty($_POST['nickname']) && !empty($_POST['password']) )
{

   $nickname = $_POST['nickname'];
   $pass = $_POST['password'];

   $sql = "INSERT INTO UserDB (Name, Password) VALUES ('$nickname', '$pass')";

       if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }

}

Plus, it would be beneficial if you were to ALTER your columns in order not to accept NULL/Empty values.

Then using error handling on the query.

Now, if your data contains characters that MySQL may be complaining about, such as apostrophes and for example John's Bar & Grill, then you will need to escape your data; something you should be doing in any event.

Sidenote: This <input type="image"... may also be failing you. Use a type="submit" as an input.

I.e.: <input type="submit" name="submit" value="Submit">

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

MySQL&PHP - Invisible data? Wut?

1 Answers1