1

So I am very new to PHP,and databases in general, so please be indulgent! :)

I created a simple form in an HTML file:

<h1> Créez votre compte ici</h1>
<form action="form.php" method="post">
<p id="textdone"> </p>
<input type= "text" name="Surname" autocomplete="on" placeholder="Votre nom" required/> <br> <br>
<input type= "text" name="Name" autocomplete="on" placeholder ="Votre prenom" required/> <br> <br>
<input type= "email" name="Email" autocomplete="on" placeholder ="Adresse mail" required/> <br><br>
<input type= "text" name="Pseudo" autocomplete="off" placeholder ="Votre pseudo" maxlength="20" required/> <br>
<p>Ajoutez une photo de profil: <input type= "file" /> <br><br></p>
<p> Entrez un mot de passe: <input type="Password" name="Passwird" autocomplete="off"  maxlength="20" required placeholder="Mot de passe"/> <br><br>
Validez votre mot de passe: <input type="password1" autocomplete="off"  maxlength="20" required placeholder="Mot de passe"/> <br><br>
    </p>
<input type="submit" value="Soumettre"/>
</form>
    </body>

And so my action file, the form.php file, saved in the same folder (I made sure) is as follows:

<?php
define('DB_NAME', 'Matchy');
define('DB_USER', 'root@localhost');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link){
    die('Could not connect: ' .mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected){
    die('Can\'t use' . DB_NAME. ':'. mysql_error());
}
echo 'Successful connection';

$surname = $_POST['Surname'];
$name = $_POST['Name'];
$email = $_POST['Email'];
$pseudo = $_POST['Pseudo'];
$password = $_POST['Password'];

$sql = "INPUT INTO users (Name) VALUES ('$name')";
$sql1 = "INPUT INTO users (Surname) VALUES ('$surname')";
$sql2 = "INPUT INTO users (Pseudo) VALUES ('$pseudo')";
$sql3 = "INPUT INTO users (Email) VALUES ('$email')";
$sql4 = "INPUT INTO users (Password) VALUES ('$password')";

if (!mysql_query($sql)) {
    die ('Error: ' .mysql_error());
}
if (!mysql_query($sql1)) {
    die ('Error: ' .mysql_error());
}
if (!mysql_query($sql2)) {
    die ('Error: ' .mysql_error());
}
if (!mysql_query($sql3)) {
    die ('Error: ' .mysql_error());
}
if (!mysql_query($sql4)) {
    die ('Error: ' .mysql_error());
}

mysql_close();
?>

But every time I fill out my form and hit submit, I get this message: Cannot Post /form.php.

I get this code from this following video (https://www.youtube.com/watch?v=wp6Ngpk5XiY&index=2&list=PL530D33D6E548481F), which was very useful. But I really can't connect. I created my table on my database, with all the right columns. I use phpMyAdmin.

Thank you so much to anyone who can help!! :)

Isaac Bennetch
  • 11,830
  • 2
  • 32
  • 43
Andre Debuisne
  • 303
  • 1
  • 3
  • 15

2 Answers2

2

Let's outline the errors here.

INPUT INTO isn't a valid MySQL expression, the syntax is INSERT INTO.

Then you have name="Passwird" and $_POST['Password'] which do not match and error reporting http://php.net/manual/en/function.error-reporting.php would have told you about it.

Then as outlined in comments by another member:

<input type="password1" autocomplete="off" maxlength="20" required placeholder="Mot de passe"/> this one is providing no love too. No inputtype password1 – Hendra Nucleo

which should have been password and not password1.

Best to use the right and official references http://dev.mysql.com/doc/en/insert.html and switch to PDO with prepared statements or mysqli_* with prepared statements, as the mysql_* functions are deprecated. The official manuals are the best references.

  • They won't steer you wrong ;-)

That tutorial probably didn't mention anything about SQL injection, so that's a good read in its own right.

Nor did it mention anything about passwords.

I noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

Other links:

Important sidenote about column length:

If and when you do decide to use password_hash() or the compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

Edit:

That whole block of code could have easily been done in a few lines, such as and without so many calls to the same table:

$sql = mysql_query("

        INSERT INTO users (Name, Surname, Pseudo, Email, Password) 
        VALUES ('$name', '$surname', '$pseudo', '$email', '$password')

        ");

if($sql){
echo "Success!";
}

else { "Error: " . mysql_error(); }
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • @Fred-ii- Simple question, why is no error when using procedural approach for open connection and select database, then using `$var->query('SELECT * FROM table_name') for running query? – Hendra Nucleo Apr 23 '16 at 19:38
  • 1
    This is definitely a much better answer than the other and covers several good points. This is a good place to start from. A good take-away from this would be: Try to do as much analysis and planning up-front, especially when it comes to your database design and the technology (language, code structure, framework, and libraries). Even though it appears you are just trying to learn a lot of this, it is best to get into good habits early. It will minimize problems and make it easier for others to help you when one does creep up. – gmiley Apr 23 '16 at 19:40
  • @HendraNucleo The particular error may very well be occurring much earlier in the code execution than that particular call. – gmiley Apr 23 '16 at 19:41
  • @gmiley Absolutely no error mate, successfull query with data pulled from database. – Hendra Nucleo Apr 23 '16 at 19:42
  • @HendraNucleo If no error checking is used in either procedural or object oriented, then it won't throw anything unless the server itself is already setup to throw them without having to use error checking functions. This I mean at the sysop level on a * NIX system that is and most of us those have that high an access level. – Funk Forty Niner Apr 23 '16 at 19:45
  • @Fred-ii- Error checking exist with error thrown if persist. Is `$con = mysqli_connect($host, $user, $password);` threated similar to `$con = new mysqli()` ? – Hendra Nucleo Apr 23 '16 at 19:49
  • @HendraNucleo However, certain things can and will fail silently in MySQL. One of them being for column lengths. If for example a password column is too short to accommodate a hash that is 60 chars. long and the column is 50, then that's a silent fail. There are other scenarios though, but would be too long a discussion at this point ;-) – Funk Forty Niner Apr 23 '16 at 19:54
  • @HendraNucleo Both are similar, yet some like to use one method over another; it's a personal preference really. I use both myself, not always the same one. – Funk Forty Niner Apr 23 '16 at 19:56
  • @Fred-ii- I remember a quote 'Teaching is not in my DNA' so lets moving & sneaking into Q by Q :D `def: cheers` `python import beer` `composer init --party` :D – Hendra Nucleo Apr 23 '16 at 19:58
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/110031/discussion-between-hendra-nucleo-and-fred-ii). – Hendra Nucleo Apr 23 '16 at 20:50
0

Yeah, @gmiley raised a good question, check whether you can use input or not and instead use insert query with all the values in single statement. For syntax, you can refer the following link:http://www.w3schools.com/sql/sql_insert.asp

Aparna
  • 255
  • 1
  • 8