0

I'm making a simple registration form for a test website and for some reason it isn't sending the data to the database, and I don't get an visual error. I've searched around for a fix but haven't found any that work.

This is basically my form (I only copied the form part of the page):

    <form action="includes/insert.php" method="post">
        <h3>Username</h3>
        <input type="text" name="username">
        <br>
        <br>
        <h3>Email Address</h3>
        <input type="email" name="email">
        <br>
        <br>
        <h3>Password</h3>
        <input type="password" name="password">
        <br>
        <br>
        <br>
        <input id="submit-btn" type="submit" name="submit" value="Submit">
    </form>

As you can see everything is as its suppose to be.

and this is my insert.php

<?
define('DB_NAME', 'logindb');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
    die('Could not connect: ' . mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
    die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}

$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];

$sql = "INSERT INTO `users` (`id`, `username`, `email`, `password`, `timestamp`) VALUES (NULL, '$username', '$email', '$password', CURRENT_TIMESTAMP)";

if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}

mysql_close();
?>
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Ebniax.Axel
  • 3
  • 1
  • 1
    The id column is most likely an auto increment column, therefore you should remove it from the INSERT INTO statement. – ViRuSTriNiTy Aug 02 '16 at 19:47
  • 3
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Aug 02 '16 at 19:53
  • 3
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Aug 02 '16 at 19:53
  • 3
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Aug 02 '16 at 19:53
  • Echo your `$sql` and look in your error logs. – Jay Blanchard Aug 02 '16 at 19:55
  • 3
    @ViRuSTriNiTy Inserting a `NULL` value for an autoincrement field as done here works just fine so long as that field is specified as `NOT NULL` – Mike Brant Aug 02 '16 at 19:56
  • Are you actually testing this on a web server? – Jay Blanchard Aug 02 '16 at 19:57
  • @Ebniax If you are making a login form then why you are inserting values in table ? – Lokesh Pandey Aug 02 '16 at 20:02
  • You have to do the INSERT before you can do the login @Lokesh – Jay Blanchard Aug 02 '16 at 20:03
  • @JayBlanchard Then that is like registeration form. Here he has asked regarding login form. – Lokesh Pandey Aug 02 '16 at 20:05
  • Don't get too hung up on semantics here @Lokesh – Jay Blanchard Aug 02 '16 at 20:06
  • Well i am just following the question it didn't make any sense to me that why he need to insert in a login form ? @JayBlanchard – Lokesh Pandey Aug 02 '16 at 20:09
  • I know. Many people do not have good command of the English language @Lokesh so we have to be a little more liberal when reading questions. – Jay Blanchard Aug 02 '16 at 20:10
  • @JayBlanchard I got that. – Lokesh Pandey Aug 02 '16 at 20:21
  • If theres any confusion still, i am making a very simple registration form :) i will learn about the security parts later, thank you so much for the information though @JayBlanchard – Ebniax.Axel Aug 04 '16 at 08:55
  • I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. If you don't have time to do it right the first time, when will you find the time to add it later? – Jay Blanchard Aug 04 '16 at 11:41
  • @JayBlanchard You are correct that my techers did not include the security part. but im only trying to learn the basic's of a login/register function. i can assure you that i will ofcourse read up on security and all but for now, i want to make this register form work :) – Ebniax.Axel Aug 04 '16 at 11:59

2 Answers2

1

Opening PHP tag is 

<?php

Recent versions of PHP do not enable the short code syntax by default.

Duane Lortie
  • 1,285
  • 1
  • 12
  • 16
0

Use NOW() instead of CURRENT_TIMESTAMP.

muya.dev
  • 966
  • 1
  • 13
  • 34
  • [`CURRENT_TIMESTAMP` is a synonym for `NOW()`](https://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_now) and https://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_current-timestamp – Jay Blanchard Aug 02 '16 at 19:59
  • Is NOW() more preferable than CURRENT_TIMESTAMP? – Ebniax.Axel Aug 04 '16 at 09:00