0

I am having trouble connecting to mysql using php. I have a database called contacts that i am trying to connect to and the table i am trying to add to is 'tblusers'. I have created a user on Contacts called 'Web_User' identified by 'my12130'. When the user fills out all fields and the passwords match and they hit submit, the page is to then to be redirected to a memberContect page. Everytime I use the following method of connecting, the "error on table connection" message from my connection code is displayed when i fill out everything write and hit submit. (NO PHP errors are displayed i.e. there are no errors in the orange/white box). It does not make a difference if i change the hostname to localhost either because i've tried both. I am using the wamp server by the way to run my php code. I have a comment right above the connection code, which is where I am running into problems.

mysql databases:

mysql> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| contacts           |
| mysql              |
| performance_schema |
| test               |
+--------------------+

list of tables in contacts: mysql> use contacts; Database changed mysql> show tables;

+--------------------+
| Tables_in_contacts |
+--------------------+
| tblusers           |
+--------------------+

1 row in set (0.00 sec)

php:

<?php

if ($_POST['submit']!=""){
        if ($_POST['username']=="" || $_POST['password1']=="" || $_POST['password2']=="" || $_POST['firstname']=="" || $_POST['lastname']=="" || $_POST['email']=="" || $_POST['address']=="" || $_POST['city']=="" || $_POST['state']=="" || $_POST['zipcode']=="" || $_POST['phone']==""){
        $error=1;
        }
    else if ($_POST['password1']!=$_POST['password2']){
        $error=2;
    }
    else{
        $hostname="localhost";
        $database="contacts";
        $mysql_login="Web_User";
        $mysql_password="my12130";

        if (!($db = mysqli_connect($hostname, $mysql_login, $mysql_password))){
            echo "error on connect";
            exit;
        }
        else{
            if(!(@mysqli_select_db($database, $db))){
             echo mysql_error();
             echo "<br>error on table connection";
             exit;
          }
          else{
              $SQL = "Insert into tblUsers (username,password,firstname,lastname, email, address, city, state, zip, phone, signupDate) values('".$_POST['username']."',PASSWORD('".$_POST['password1']."'),'".$_POST['firstname']."'.'".$POST['lastname']."'.'".$POST['email']."'.'".$POST['address']."'.'".$POST['city']."'.'".$POST['state']."'.'".$POST['zipcode']."'.'".$POST['phone']."',NOW())";
              mysql_query($SQL);
              if(is_numeric(mysql_insert_id())){
                  header("Location:memberContect.php?name=".$_POST['username']);
              }
              else{
                  echo "Sorry, there was an error with your signup. Please contact the administrater";
              }
              mysql_close($db);
          }
       } 
    }
}

?>
chris85
  • 23,846
  • 7
  • 34
  • 51
alecks55
  • 1
  • 1
  • 4
    You are mixing mysql with mysqli – Mihai May 07 '16 at 16:21
  • 1
    You should use prepared statements. This will be open to SQL injections once you use the `mysqli_query` function. See http://php.net/manual/en/mysqli.quickstart.prepared-statements.php and/or http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1. – chris85 May 07 '16 at 16:25

1 Answers1

0

  1. You can connect directyl to the database that you want as follow:

    mysqli_connect($hostname, $mysql_login, $mysql_password, $database);

  2. The issue is that the function mysqli_select_db try to change the selected db to another one (but you did not select one, so first you need to use the first function)

  3. I suggest you to use isset() funtion instead of !='' Also you can use addslashes() and ms5() functions for insert And your code can look like this: 

    else if ($_POST['password1']!=$_POST['password2']){
    $error=2;
}
else{
    $hostname="localhost";
    $database="contacts";
    $mysql_login="Web_User";
    $mysql_password="my12130";
    $conn = mysqli_connect($hostname, $mysql_login, $mysql_password, $database);
    if (!$conn){
        echo "error on connect";
        exit;
    }
    else{
          $username = addslashes($_POST['username']);
          $password = md5($_POST['password1']);
          $firstname = addslashes($_POST['firstname']);
          $lastname = addslashes($POST['lastname']);
          $email = addslashes($POST['email']);
          $address = addslashes($POST['address']);
          $lastname = addslashes($POST['city']);
          $state = addslashes($POST['state']); /* or $state = addslashes($POST['state']); */
          $zipcode = intval($POST['zipcode']); /* or $zipcode = addslashes($POST['zipcode']); */
          $phone = intval($POST['phone']);
          $signupDate = date("Y-m-d h:i:sa");

          $SQL = "INSERT INTO tblUsers (username, password, firstname, lastname, email, address, city, state, zip, phone, signupDate) 
          VALUES('$username', '$password', '$firstname', '$lastname', '$email', '$address', '$city', '$state', '$zip', '$phone', '$signupDate')";
          mysql_query($SQL);
          if(is_numeric(mysql_insert_id())){
              header("Location:memberContect.php?name=".$_POST['username']);
          }
          else{
              echo "Sorry, there was an error with your signup. Please contact the administrater";
          }
          mysql_close($db);
      }
   } 
}

    }

  4. You can use extract() function to avoid writting $_POST:

    if ($_SERVER["REQUEST_METHOD"] == "POST") : extract($_POST); then the $_POST['address'] will become $adress

C.A. Oprea
  • 1
  • 2