Cannot insert form data into a MySQL database using PHP

Question

I am trying to insert data submitted in a form, into a MySQL Database, and I can't see the problem in my code(except for MySQL injection, that I will work to resolve after actually being able to insert any data). I have searched in Stack Overflow, and found someone who probably worked by the same manual, but I work in localhost, he's on GoDaddy. The solution given there doesn't work for me.

Here is my code for the HTML and the PHP code:

<?php 
  require'connection/connect.php';
  ?>
  <?php
  if(isset($_POST['Register'])){
      session_start();
      $Fname = $_POST['FirstName'];
      $Lname = $_POST['LastName'];
      $Email = $_POST['Email'];
      $pw = $_POST['Password'];


  $sql= $con->query("INSERT INTO user (Fname,Lname,Email,Password) values('{$Fname}', '{$Lname}', '{$Email}', '{$pw}')");
  }

  ?>
  <!DOCTYPE html >
  <html>
  <head>
  <link href="css/Master.css" rel="stylesheet" type="text/css" />
  <link href="css/Menu.css" rel="stylesheet" type="text/css" />
  <title>Register</title>
  </head>

  <body>


  <div class="container">
    <div class="header">

    </div>
    <div class="menu">
      <div id="NavBar">
       <nav>
       <ul>
       <li>
       <a href="Login.php">Login</a>
       </li>
       <li>
       <a href="Register.php">Register</a>
       </li>
       </ul>
       </nav>
  </div>

    </div>
    <div class="leftBody"></div>
    <div class="rightBody">
      <form  action="" method="post" name="RegisterForm" id="RegisterForm">
      <div class="FormElement">
      <input name="FirstName" id="FirstName" type="text" placeholder="First Name" class="TField">
      </div><br>
       <div class="FormElement">
      <input name="LastName" id="LastName" type="text" placeholder="Last Name" class="TField">
      </div><br>
       <div class="FormElement">
      <input name="Email" id="Email" type="email" placeholder="E-Mail" class="TField">
      </div><br>
       <div class="FormElement">
      <input name="Password" id="Password" type="password" placeholder="Password" class="TField">
      </div><br>
      <input name="Register" id="Register" type="button" value="Register" class="regButton">
      </form>

    </div>
    <div class="footer"></div>


  </div>

  </body>
  </html>

And this is my connection.php file: That it does show that it connects.

<?php
$host="localhost";
$username="root";
$password="";
$dataBase="users";
$con=mysqli_connect($host,$username,$password,$dataBase);
if (!$con) {
    die("Could not connect: " . mysqli_error());
}
echo "Connected successfully";
?>

And a picture of my database in phpMyAdmin: Database

I have tried also using this line like this for some reason, but to no avail.:

$sql= $con->query("INSERT INTO user
                          (Fname,Lname,Email,Password)   
                   values ('Fname', 'Lname', 'Email', 'pw')");

`('Fname', 'Lname', 'Email', 'pw')` you're trying to literally enter those values as strings rather than the POST arrays/variables. Guess what you're missing here? Clue: Think "money" ;-) — Funk Forty Niner, Aug 04 '16 at 11:41
Can you please describe error ? so we can identify that one and give you solution — Uttam Panara, Aug 04 '16 at 11:44
You're mixing object oriented and procedural style for using mysqli http://php.net/manual/en/mysqli.construct.php — GordonM, Aug 04 '16 at 11:44
*"and found someone who probably worked by the same manual, but I work in localhost, he's on GoDaddy"* - This smells like you're accessing as `file:///file.xxx` rather than `http://localhost/file.xxx`. — Funk Forty Niner, Aug 04 '16 at 11:46
Fred, i said i tried it, just to see if it inserts anything. and it has not. Uttam panara, it shows no error. — GabMic, Aug 04 '16 at 11:47
First of all you have to change type of reset button type. like () so that form can submit. — Uttam Panara, Aug 04 '16 at 11:50
@Fred-ii- it does not show code on the page, i echoed it to see if it connects. — GabMic, Aug 04 '16 at 11:51
@GrowingDev Ok, I see your submit button and should be an `submit` type, not `button` and Sanjiv Dhakal's answer picked up on that and I overlooked it. That should work. — Funk Forty Niner, Aug 04 '16 at 11:51
WOW! i cant believe it. it was because of the type="button" error! it works fine now. thank you very much to all of you, and especially for you @UttamPanara for pointed out to me. — GabMic, Aug 04 '16 at 11:54
@GrowingDev Btw, if you intend on going live with this, your code is open a serious SQL injection and probably storing passwords as plain text. It is not safe to use at the present moment. — Funk Forty Niner, Aug 04 '16 at 11:57
@GrowingDev There's also no need to update your question as being solved. Accepting an answer automatically marks it as such. Welcome to Stack ;-) Oh and I rolled back your question to another revision. — Funk Forty Niner, Aug 04 '16 at 11:58
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Aug 04 '16 at 17:30
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Aug 04 '16 at 17:31

score 5 · Accepted Answer · answered Aug 04 '16 at 11:50

5

i didn't see submit button that actually submit the form. So if i am not wrong please try to use

<input name="Register" id="Register" type="submit" value="Register" class="regButton">

answered Aug 04 '16 at 11:50

Sanjiv Dhakal

316
3
13

1

This looks promising. I'll upvote if it works for them. I overlooked that in the question; good catch. – Funk Forty Niner Aug 04 '16 at 11:52
1

[*"WOW! i cant believe it. it was because of the type="button" error! it works fine now. thank you very much to all of you, and especially for you @UttamPanara for pointed out to me. – GrowingDev"*](http://stackoverflow.com/questions/38766344/cannot-insert-form-data-into-a-mysql-database-using-php#comment64904410_38766344) - Yep, that was it alright. ;-) – Funk Forty Niner Aug 04 '16 at 11:55
Yes, that's it. and i have also updated the OP with this answer. Thanks. – GabMic Aug 04 '16 at 11:58

score -1 · Answer 2 · edited Aug 04 '16 at 11:44

-1

your code should be run

$sql= $con->query("INSERT INTO user 
                           (Fname,Lname,Email,Password)   
                     VALUES('$Fname', '$Lname', '$Email', '$pw')");

edited Aug 04 '16 at 11:44

RiggsFolly

93,638
21
103
149

answered Aug 04 '16 at 11:43

arash rahimi

65
12

1

They said they already tried that. What do you think my "comment" was about. They had `values('{$Fname}', '{$Lname}', '{$Email}', '{$pw}')` also; same thing here. – Funk Forty Niner Aug 04 '16 at 11:44
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Aug 04 '16 at 17:32

Cannot insert form data into a MySQL database using PHP

2 Answers2