-1

EDIT: Question was marked as a duplicate for asking about backticks and other things? That was not my intention. I was wondering why this specific code was not executing correctly.

Solved: needed to add mysqli_query($mysql) as well as $sql = "INSERT INTO userinfo (email, username, password, ip) VALUES ('$email', '$username', '$password', '$ip')"; Thanks!

My goal is to create a register page in which PHP takes inputs and adds the data to a MySQL table through MySQLi.

The name of the table is userinfo. I have also checked config.php and verified that the password, username, and database are all correct.

$db is in config.php

The relevant PHP code goes as follows:

<?php
include("config.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST") {

  // username and password sent from form
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);
  $email = mysqli_real_escape_string($db, $_POST['email']);
  $ip = mysqli_real_escape_string($db, "N/A");

  //checks for different ips (no masking allowed unless u tryhard)
  if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
     $ip = $_SERVER['HTTP_CLIENT_IP'];
  } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
      $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
  } else {
      $ip = $_SERVER['REMOTE_ADDR'];
  }
  //inserts info into tables
  $sql = "INSERT INTO userinfo (email, username, password, ip) VALUES ($email, $username, $password, $ip);";

mysqli_query($mysql);
}
?>

All inputs on the table are text-based.

           <form action = "" method = "post">
              <label>Email: </label><input type = "text" name = "email" class = "box" /><br/><br />
              <label>Create UserName: </label><input type = "text" name = "username" class = "box"/><br /><br />
              <label>Create Password: </label><input type = "password" name = "password" class = "box" /><br/><br />
              <label>Verify password: </label><input type = "password" name = "vpassword" class = "box"/><br/><br/>
              <input type = "submit" value = " Submit "/><br />
           </form>
mobimobi
  • 13
  • 6
  • What exactly is going wrong? Are you getting any errors? Try debugging first. – JasonK Jun 15 '16 at 15:17
  • You need to set up a db connection and actually perform the query, in the code above you've just created a variable holding the query string. It does nothing against the database. You also should look into parameterized queries instead of using mysqli_real_escape_string and inserting potentially dangerous variables directly into the query string. – JimL Jun 15 '16 at 15:18
  • I am receiving no errors which is strange. – mobimobi Jun 15 '16 at 15:32
  • Rule #1: Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. – mobimobi Jun 15 '16 at 15:35
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jun 17 '16 at 15:29

2 Answers2

1

I don't see any code performing the query. Use mysqli_query($db, $sql) to execute the INSERT statement. If this is not the problem, please provide more information on what is actually going wrong.

Edit Also check your statement $sql. The variables are not parsed but saved as a string. Instead of writing VALUES ($email,...), write VALUES ('" . $email . "',...) or VALUES ('{$email}',...)

JasonK
  • 5,214
  • 9
  • 33
  • 61
0

$sql = "INSERT INTO userinfo (email, username, password, ip) VALUES ('$email', '$username', '$password', '$ip')";

Ehab Eldeeb
  • 722
  • 4
  • 12