0

I have a registration form and I want it to connect to my database. I used phpmyadmin as my database. The code that I used to connect the two is below:

db.php

<?php
$hostname = "127.0.0.1";
$user = 'root';
$password = '';
$db = 'dbTest';

//connection to db
$conn = mysqli_connect("$hostname", "$user", "$password", "$db")or die(mysqli_error());
mysqli_select_db($conn, "peanat")or die(mysqli_error());


    $username = $_POST['username'];
    $password = $_POST['password'];

    $username =  strtolower(trim($_POST["username"])); 
    $username = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
    $checkUsername = mysqli_query($conn, "Select username * FROM users WHERE Username='$username'");
    $numrows = mysqli_num_rows($checkUsername);

        if($numrows!==1) {
        echo "Username not available";
    }else{
        $sql = "INSERT INTO `users` (`Username`, `Password`) VALUES ('$username', '$password')";

        if(!mysqli_query($conn, $sql)) {
            die(mysqli_error());
        } else {
             echo "1 record added";
        }
    }
?>

this is my reg form

<form id="register" action="db.php" method="post" >
      <div class="col-4">
        <label>
          Username
          <input placeholder="" id="username" name="username">
        </label>
      </div>
      <div class="col-4">
        <label>Password
        <input type="password" placeholder="" id="password" name="password">
        </label>
      </div>
      <div class="col-4">
        <label>Confirm Password
        <input type="password" placeholder="" id="password2" name="password2">
        </label>
      </div>

      <div class="col-submit">
        <input type="submit" class="submitbtn" name="register" value="Register">
      </div>
</form>

now the problem I'm encountering is, every time I click the register button, it just goes to the designated page and it shows the code of that page. where do you think is my error...

Isaac Bennetch
  • 11,830
  • 2
  • 32
  • 43
Jennifer
  • 1,291
  • 1
  • 11
  • 16
  • you're using `$db = 'dbTest'`; for the db, but then `mysqli_select_db($conn, "peanat")`, so which one is it? – Funk Forty Niner May 05 '16 at 14:50
  • Sounds like a web server or PHP SAPI misconfiguration if you're seeing the literal PHP code rendered in the browser. – Jonnix May 05 '16 at 14:51
  • btw, `mysqli_error()` => `mysqli_error($conn)` it needs a connection parameter – Funk Forty Niner May 05 '16 at 14:52
  • what message did you get when the page loaded? you have a few echoes there in your code and knowing which one executed would be very useful. – Webeng May 05 '16 at 14:55
  • @JonStirling, yes...it is the literal PHP code that is showing – Jennifer May 05 '16 at 14:57
  • Your script is open to [SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). It's also a VERY bad idea to store plain text passwords. Consider switching to [password_hash](http://php.net/manual/en/function.password-hash.php) – Machavity May 05 '16 at 15:00
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 05 '16 at 15:47
  • phpMyAdmin is a tool to help administrators manage their MySQL or MariaDB servers, it's not a database itself. You probably mean you're using one of those instead. – Isaac Bennetch May 12 '16 at 14:21
  • Possible duplicate of [PHP code is not being executed, instead code shows on the page](http://stackoverflow.com/questions/5121495/php-code-is-not-being-executed-instead-code-shows-on-the-page) – Isaac Bennetch May 12 '16 at 14:21

1 Answers1

0
  1. Place the two files (db.php & reg.HTML) into your local web server folder. (eg. C:/xampp/htdocs/form/
  2. Open any internet browser and type in the path to your HTML file. Eg. Local host/form/reg.html and hit enter. You should get HTML form displayed on the browser and you're done.
Nahom Wosenu
  • 1
  • 2