Can't get my data Inserted into MySQL database, using PHP

Question

I am working on a school project and can't get registration page done right. It just doesn't insert the data in table.

Here is a screenshot for database and table

I have added the HTML, and after going through all your answers I think I am using outdated videos and study material to learn (PHP, HTML, CSS, Website Security).

 <!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Register</title>
  </head>
  <body>
    <div class="form">
      <h2>Registeration</h2>
      <form action="" method="post">
              Name<input type="text" name="name" placeholder="First & Last name" required><br><br>
              Username<input type="text" name="username" placeholder="Username"required><br><br>
              Password<input type="password" name="password" placeholder="Keep it Strong"required><br><br>
              Confirm Password<input type="password" name="confirm-pass" placeholder="Re-Enter Password"required><br><br>
              Email<input type="email" name="email" placeholder="Email"required><br><br>
              Phone No.<input type="text" name="phone-no" placeholder="Phone No"required><br><br>
              Gender<input type="text" name="gender" placeholder="Male or Female"required><br><br>
              State<input type="text" name="state" placeholder="State"required><br><br>
              <button type="submit" name="home">Home</button>
              <button type="submit" name="sub">Submit</button>
              <button type="submit" name="reset">Reset</button>
            </form>
    </div>
  </body>
</html>
<?php
$con=mysqli_connect('localhost','root','123456789','eedb');
if ($con)
{
    if (isset($_POST['sub']))
    {
        $n= $_POST['name'];
        $un=$_POST['username'];
        $p=$_POST['password'];
        $cp=$_POST['confirm-pass'];
        $e=$_POST['email'];
        $pn=$_POST['phone-no'];
        $g=$_POST['gender'];
        $s=$_POST['state'];
        mysqli_query($con,"SELECT * FROM `register`");
        $insert= mysqli_query($con,"INSERT INTO `register`(`name`, `username`, `password`, `confirm-pass`, `email`, `phone-no`, `gender`, `state`) VALUES ('$n','$un','$p','$cp','$e','$pn','$g','$s')");
        if ($insert)
        {
            echo "<center>Data Successfully Submitted</center>";
        }
        else
        {
            echo "<center>Data Not Submitted</center>";
        }
    }
}
else
{
    echo "<center>Oh!no there is an error.<br><br>But don't worry we have an army of trained chimpanzies to deal with it.<br><br> <image src='images/chimps.jpg'><br><br>Come Back Soon</center>";
}
if (isset($_POST['home']))
{
    header("location:index.php");
}
if (isset($_POST['reset']))
{
    header("location:register.php");
}
?>

Answer 1

Since you didn't post your HTML form, I am posting the following answer, which is what your HTML form should (basically) look like, which btw only contains the one example element.

You will need to fill in the rest and follow the same convention.

<form method="post" action="handler.php">

First name:
<input type="text" name="name">
<br>
<input type="submit" name="sub" value="Submit">

</form>

Then escape your values, should there contain any characters that MySQL may complain about, such as apostrophes.

I.e.: Doug's Bar & Grill.

Then:

$n= mysqli_real_escape_string($con, $_POST['name']);

Something you should use or a prepared statement since your code is presently open to an SQL injection.

• Ref: How can I prevent SQL injection in PHP?

And do the same for all your other POST arrays.

The name attribute is required for POST arrays when using pure PHP and a post method for the HTML form.

Sidenote: Your entire code is dependant on the following conditional statement
if (isset($_POST['sub'])){...}. So make sure that that form element bears the same name attribute for it.

• Check for errors also.

Since this does not help you:

echo "<center>Data Not Submitted</center>";

References:

• http://php.net/manual/en/mysqli.error.php
• http://php.net/manual/en/function.error-reporting.php

It's unclear as to what you're trying to do with this line:

mysqli_query($con,"SELECT * FROM `register` ");

If the goal is to check if a row exists, then consult one of my answers on Stack:

• check if row exists with mysql

---

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

• PHP 5.5's password_hash() function.
• Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Important sidenote about column length:

If and when you do decide to use password_hash() or the compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

Other links of interest:

• CRYPT_BLOWFISH
• crypt()
• bcrypt()
• scrypt()
• On OPENWALL
• PBKDF2
• PBKDF2 on PHP.net
• PBKDF2 For PHP

---

HTML stickler:

The <center> tag is deprecated and has been removed from Web standards.

For more information, visit the following:

• https://developer.mozilla.org/en-US/docs/Web/HTML/Element/center

Answer 2

you can try this

$insert= mysqli_query($con,"INSERT INTO `register`(`name`, `username`, `password`, `confirm-pass`, `email`, `phone-no`, `gender`, `state`)VALUES ('$n','$un','$p','$cp','$e','$pn','$g','$s')");

you can try to use notepad++ or any other editor (e.g netbeans )that will make the open and closed brackets more obvious .