1

I've created this registration form and i want to insert a text file like CV in mysql database named st_login including the table named login.In the following code i've only created a form for registration purposes and want to insert also an option allowing the user to insert a text file (CV)into the registration form and this text file to be saved into that database using Php.

This is my php code:

<html >
<head>
<title></title>
</head>
<body>
<?php



print ("<form action='register.php' method='post'>
    <p>Name
        <input type='text' name='firstname'  />
    </p>
    <p>Surname
        <input type='text' name='lastname' />
    </p>
    <p>Username
        <input type='text' name='username' />
    </p>
    <p>Password
        <input type='password' name='password' />
        <p/>
    <input type='submit' value='Register'/>
</form>");
extract ($_POST);
if( !($database=mysql_connect("localhost","root",""))||!(mysql_select_db("st_login",$database))  )
   print("Could not connect");

if(isset($_POST['firstname'] )&&isset($_POST['lastname'])&&isset($_POST['username'])&&isset($_POST['password']) ){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['username'];
$password=$_POST['password'];
$query = "INSERT INTO login (firstname, lastname, username,password) VALUES ('$firstname', '$lastname', '$username','$password')";
}


if ( !empty($firstname)&&!empty($lastname)&&!empty($username) &&!empty($password) )
{
  if(!($result=mysql_query($query,$database)))
{
    print("Could not execute query");
    die (mysql_error());//ose error
}
else echo "You have been registered successfully";
}
else echo "Fill in all the blank fields";
mysql_close($database);
?>
</body>
</html>
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Doggy
  • 63
  • 2
  • 10
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jan 04 '16 at 19:30
  • 1
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jan 04 '16 at 19:30
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Jan 04 '16 at 19:30
  • You would add a field with ``. then you would build the script to validate and handle the file upload.Please add details to narrow the answer set or to isolate an issue that can be answered in a few paragraphs.I would suggest that you find a development forum (perhaps [Quora](http://www.quora.com/Computer-Programming)?) to work out generalities. Then, when/if you have specific coding issues, come back to StackOverflow and we'll be glad to help. – Jay Blanchard Jan 04 '16 at 19:32
  • 2
    Ok my script is in process and i 'll use password_hash().Thank you! But what i want to learn now is how to insert a text file into my database. – Doggy Jan 04 '16 at 19:33
  • 2
    What you're asking is far too broad @Doggy. There are lots of tutorials for file upload that can be Google'd quite easily. – Jay Blanchard Jan 04 '16 at 19:34
  • Is it neccessary creating all these fields when insertin a text file in the table or just field 'name' is enough ? CREATE TABLE `file` ( `id` Int Unsigned Not Null Auto_Increment, `name` VarChar(255) Not Null Default 'Untitled.txt', `mime` VarChar(50) Not Null Default 'text/plain', `size` BigInt Unsigned Not Null Default 0, `data` MediumBlob Not Null, `created` DateTime Not Null, PRIMARY KEY (`id`) – Doggy Jan 04 '16 at 21:05
  • Don't use 'name' or anything else that might be a [MySQL Key or Reserved Word](https://dev.mysql.com/doc/refman/5.6/en/keywords.html). A text column would likely be sufficient. – Jay Blanchard Jan 04 '16 at 22:08

0 Answers0