1

I have the tables users and register in my database. I've created a login page which starts a session using the users table, then people fill out a form to insert data into the register table. I've used the following code to insert the data. My code doesn't have errors but the thing is it is not inserted to my table. Please help me. Thanks. 

<?php
    include("includes/db.php");
    session_start();

    if(!isset($_SESSION['user_name'])){        
        header("location: login.php");
    }
    else { ?>
    <html>
    <body>
        <h2>New users Signup!</h2>
        <form action="login.php" method="post">
            <input type="text" name = "firstname" placeholder="Firstname"/>
            <input type="text" name = "lastname" placeholder="Lastname"/>
            <input type="text" name = "address" placeholder="Address"/>
            <input type="text" name = "contact" placeholder="Contact"/>
            <input type="text" name = "email" placeholder="Email Address"/>
            <input type="password" name = "password" placeholder="Password"/>
            <div class = "bttn">
            <button type="submit" name = "submit" class="btn btn-default">Signup</button>
            </div>
        </form>
    </body>
    </html>
    <?php
    if(isset($_POST['submit']))
    {
        $users_firstname = $_POST['firstname'];
        $users_lastname = $_POST['lastname'];
        $users_address = $_POST['address'];
        $users_contact = $_POST['contact'];
        $users_email = $_POST['email'];
        $users_password = $_POST['password'];
        $users_date = date('Y-m-d');

        if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
        {
            echo "<script>alert('Any of the fields is empty')</script>";
            exit();
        } else {
            $insert_query = mysql_query("insert into users (users_firstname,users_lastname,users_address,users_contact,users_email,users_password,users_date) values ('$users_firstname','$users_lastname','$users_address','$users_contact','$users_email','$users_password','$users_date')");
            $users_id=mysql_insert_id();

            if(mysql_query($insert_query)) {
                echo "<script>alert('post published successfuly')</script>";
            }
        }
    }
} ?>
Roman
  • 2,530
  • 2
  • 27
  • 50
Jack-Jack
  • 119
  • 9
  • use action="#" seems like, you are using the same file as an action to that form.. so no need to call the file name there.. a # is enough.. – ameenulla0007 Feb 21 '16 at 12:40
  • what is that `if(mysql_query($insert_query))` , you already run query in $insert_query – Jack jdeoel Feb 21 '16 at 12:42
  • Have you tried error checking? – Cedric Ipkiss Feb 21 '16 at 12:47
  • "*My code doesn't have errors*" - it would work if there were no errors ;-) You just need to check for them, see these functions: [`error_reporting(E_ALL);`](http://php.net/manual/en/function.error-reporting.php), [`ini_set('display_errors', 1);`](http://php.net/manual/en/function.ini-set.php) and [`mysql_error`](http://php.net/manual/en/function.mysql-error.php). Also, `mysql_*` functions are deprecated since PHP 5.5 (and removed entirely in PHP 7) and you should [stop using them](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) if you can. – Qirel Feb 21 '16 at 12:57
  • @DavidJawphan that is to confirm if the query really works or the values were really inserted inthe database. Sorry dude im just new to this. – Jack-Jack Feb 21 '16 at 13:09

3 Answers3

0

  1. You should removed the whitespaces in your html-code:

    Wrong

      <input type="text" name = "firstname" placeholder="Firstname"/>
                        ^^^^^

    Correct

      <input type="text" name="firstname" placeholder="Firstname"/>

  2. Do not put the variables in single quotes:

    $insert_query = mysql_query("INSERT INTO users 
(users_firstname,users_lastname,users_address,users_contact,users_email,users_password,users_date) 
VALUES 
($users_firstname,$users_lastname,$users_address,$users_contact,$users_email,$users_password,$users_date)");

Update: This was wrong. The whole string is in double-quotes so the OP did correct and my notice was wrong. For information-purposes i will let stand the link to the documentation here.

Note: Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.

Read more about single- and double-quotes in the PHP documentation.

  1. Do not double-run the query/perform wrong function-call

    $insert_query = mysql_query(".......");
........
if(mysql_query($insert_query)){
    echo "<script>alert('post published successfuly')</script>";
}

    You already have run the query in the first line. If you want to check if it was successful, you have to use if($insert_query) {}. The call mysql_query($insert_query) is wrong because mysql_query() returns a ressource instead of the sql-query.

  2. Do not use mysql_*() function calls. You mysqli_*() instead.

    Warning This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: mysqli_query() PDO::query()

  3. Check your use of session.

You are checking the $_SESSION for user_name and if it is not set, you are redirecting via header("location: login.php"). The problem is, that you are never inserting the user_name into the session, so it will always be not set.

You can set the value via $_SESSION['user_name'] = $_POST['user_name']. Have in mind that you have to set the session before checking the session-value. ;-)

Roman
  • 2,530
  • 2
  • 27
  • 50
  • 1
    1. That doesn't really matter, it works anyway. 2. Single quotes SHOULD be used around strings in SQL, and the whole thing is put in double-quotes, so variables *are* passed. – Qirel Feb 21 '16 at 12:56
  • damn you are right, my fault. thanks for the notice. I have updated my answer. – Roman Feb 21 '16 at 12:59
  • Hey but if i removed if(!isset($_SESSION['user_name'])){ header("location: login.php"); } else { it is working – Jack-Jack Feb 21 '16 at 13:05
0

Now try this code:

<?php
        include("includes/db.php");
    session_start();

    if(!isset($_SESSION['user_name'])){

    header("location: login.php");
    }
    else {

    ?>
    <html>
    <body>


        <?php
    if(isset($_POST['submit']))
    {

          $users_firstname = $_POST['firstname'];
          $users_lastname = $_POST['lastname'];
          $users_address = $_POST['address'];
          $users_contact = $_POST['contact'];
          $users_email = $_POST['email'];
          $users_password = $_POST['password'];
          $users_date = date('Y-m-d');

        if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
        {
        echo "<script>alert('Any of the fields is empty')</script>";
        exit();
        }

        else 
        {
            $insert_query = mysql_query("INSERT INTO `users` (users_firstname, users_lastname, users_address, users_contact, users_email, users_password, users_date) values ('$users_firstname', '$users_lastname', '$users_address', '$users_contact', '$users_email', '$users_password', '$users_date')");
            $users_id=mysql_insert_id();


          echo "<script>alert('post published successfuly')</script>";

        }
    }
    ?>

        <h2>New users Signup!</h2>
        <form action="" method="post">
            <input type="text" name="firstname" placeholder="Firstname"/>
            <input type="text" name="lastname" placeholder="Lastname"/>
            <input type="text" name="address" placeholder="Address"/>
            <input type="text" name="contact" placeholder="Contact"/>
            <input type="text" name="email" placeholder="Email Address"/>
            <input type="password" name="password" placeholder="Password"/>
            <div class="bttn">
            <button type="submit" name="submit" class="btn btn-default">Signup</button>
            </div>
        </form>
    </body>
    </html>

    <?php } ?>

I have:

  1. Repositioned your PHP code for inserting to be at the top of the form
  2. changed <form action="login.php" to <form action="" because we are executing from the same page
  3. Your query has already run so removed the if(mysql_query...
  4. Removed the spaces in the form e.g. name = " nameofform" to name="nameofform"
  5. I don't see any reason for having this $users_id=mysql_insert_id();, YOu should use auto-increment for the userID on your database

But since we don't know how you have connected to your database, because also that can be an issue: you can also try this way

 <?php
//connect to DB

$hostname_localhost = "localhost"; //hostname if it is not localhost
$database_localhost = "databasename";
$username_localhost = "root"; //the username if it is not root
$password_localhost = "password_if_any"; //if no password leave empty
$localhost = mysql_pconnect($hostname_localhost, $username_localhost, $password_localhost) or trigger_error(mysql_error(),E_USER_ERROR); 
?>

<?php 
    // include("includes/db.php");     
    if (!isset($_SESSION)) {
     session_start();
    }
    if(!isset($_SESSION['user_name'])){
    header("location: login.php");
    }
    else {
?>
    <html>
    <body>


<?php
    if(isset($_POST['submit']))
    {

          $users_firstname = $_POST['firstname'];
          $users_lastname = $_POST['lastname'];
          $users_address = $_POST['address'];
          $users_contact = $_POST['contact'];
          $users_email = $_POST['email'];
          $users_password = $_POST['password'];
          $users_date = date('Y-m-d');

        if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
        {
        echo "<script>alert('Any of the fields is empty')</script>";
        exit();
        }

        else 
        {


$insert_query = sprintf("INSERT INTO `users` (users_firstname, users_lastname, users_address, users_contact, users_email, users_password, users_date) values ('$users_firstname', '$users_lastname', '$users_address', '$users_contact', '$users_email', '$users_password', '$users_date')");

mysql_select_db($database_localhost, $localhost);
$Result = mysql_query($insert_query, $localhost) or die(mysql_error());


          echo "<script>alert('post published successfuly')</script>";

        }
    }
    ?>

        <h2>New users Signup!</h2>
        <form action="" method="post">
            <input type="text" name="firstname" placeholder="Firstname"/>
            <input type="text" name="lastname" placeholder="Lastname"/>
            <input type="text" name="address" placeholder="Address"/>
            <input type="text" name="contact" placeholder="Contact"/>
            <input type="text" name="email" placeholder="Email Address"/>
            <input type="password" name="password" placeholder="Password"/>
            <div class = "bttn">
            <button type="submit" name="submit" class="btn btn-default">Signup</button>
            </div>
        </form>
    </body>
    </html>

    <?php } ?>
Omari Victor Omosa
  • 2,814
  • 2
  • 24
  • 46
-1

remove action
Try this

 <form action="" method="post">
paranoid
  • 6,799
  • 19
  • 49
  • 86
  • Although it's not needed with an `action` attribute when you're pointing to the same file, it doesn't matter as long as the correct file-name is given. – Qirel Feb 21 '16 at 12:54