-8

I am making a sign up form using php but when I click on register button, it saves 1,1 in email and password fields instead of given email and password.

  <?php
include("connection.php")
?>
<?php

$email=isset($_POST['email']);
$password=isset($_POST['password']);

if(isset($_POST['register']))
{
    $q= "insert into admin (email, password) values ('$email', '$password')";
    $qr=mysqli_query($con, $q);
    if($qr)
    {
        echo "data added sucessfully";
    }
    else
    {
        die();
    }
}

?>

<!DOCTYPE html>
<html>
<head>
    <title>Log in</title>
</head>
<body>
<form method="post" action="">
<input type="email" name="email">
<br>
<input type="password" name="password">
<br>
<button type="submit" name="register" value="register">register</button>
</form>
</body>
</html>

sebenalern
  • 2,515
  • 3
  • 26
  • 36
Ehmad Mughal
  • 15
  • 6
  • 1
    http://php.net/manual/en/function.isset.php , isset function return a boolean , change to if(isset($_POST['email'])){$email=$_POST['email'];} edit : posted as answer – Benjamin Poignant Feb 05 '16 at 16:23
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Feb 05 '16 at 16:27
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Feb 05 '16 at 16:27

3 Answers3

1

http://php.net/manual/en/function.isset.php

Isset function return a boolean, try :

if(isset($_POST['email'])){
    $email=$_POST['email'];
}
if(isset($_POST['password'])){
    $password=$_POST['password'];
}
Benjamin Poignant
  • 1,066
  • 8
  • 18
  • Or you can use a tenary operator: `$email = (isset($_POST['email']) ? $_POST['email'] : "");`, because what happens when not all fields are set? *Undefined variable* – Qirel Feb 05 '16 at 16:26
1

The reason why it's entering 1's in your db is because of the isset()'s for the POST arrays.

Sidenote: You may have meant to use a ternary operator http://php.net/manual/en/language.operators.comparison.php

RTM: http://php.net/manual/en/function.isset.php bool isset ( mixed $var [, mixed $... ] ) which returns a boolean.

$email=isset($_POST['email']);
$password=isset($_POST['password']);

You need to remove the isset().

$email=$_POST['email'];
$password=$_POST['password'];

then check if they are not empty instead.

if(!empty($_POST['email']) && !empty($_POST['password']) )

and placed inside if(isset($_POST['register'])){...}

and I have no idea why you're embedding code into textarea.
Edit: I see you removed it in an edit.

Also make sure your column types are able to store strings and not integers and are long enough to accommodate the data being stored.

Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements.

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended if you intend on going live with this.

Use one of the following:

Other links:

Important sidenote about column length:

If and when you do decide to use password_hash() or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

Footnotes:

You should also check for errors against your query.

and error reporting is another that will help you out here.

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
0

I think it should be something like below

$email = isset($email) ? $email : "" $password = isset($password) ? $password : ""

CodeTweetie
  • 6,075
  • 3
  • 19
  • 23