0

My code:

<?PHP

session_start();
$user = 'root';
$password = 'root';
$db = 'Authentication';
$host = 'localhost';
$port = 3306;

$link = mysqli_init();
$success = mysqli_real_connect(
   $link, 
   $host, 
   $user, 
   $password, 
   $db,
   $port
);
if(isset($_POST['sbtn'])){
    session_start();
    $f_name = mysqli_real_escape_string($_POST['f_name']);
    $l_name = mysqli_real_escape_string($_POST['l_name']);
    $email = mysqli_real_escape_string($_POST['email']);
    $pass = mysqli_real_escape_string($_POST['pass']);
    $c_pass = mysqli_real_escape_string($_POST['c_pass']);

    if($pass == $c_pass){
        //create user
        $Password = md5($pass);
        mysqli_query($success, $db);

        $query = "INSERT INTO users( email, password, f_name, l_name) VALUES ($email, $pass, $f_name, $l_name)";
        mysqli_query($success, $query);
    }else{
        //tell user they are not equal
        echo("The two passwords did not match");
    }
}

mysqli_close($success);
?>

It seems to be that all of the rest of the code works as I have error checked the code and I am new to coding in php therefor I am struggling to understand how i am able to overcome this problem!

Help would be much appreciated!

Sam Segers
  • 1,951
  • 2
  • 22
  • 28
edward davies
  • 11
  • 5
  • If you are new to php, I suggest you to learn pdo rather than mysqli. This is not related to your problem but I still needed to say it. – Gökhan Mete ERTÜRK Oct 22 '16 at 13:29
  • Have you tried printing out the generated query to the screen and then execute it directly in mysql to see what is happening? (Hint: Quotes) – Sam Segers Oct 22 '16 at 13:57

1 Answers1

-1

Try to change:

$query = "INSERT INTO users( email, password, f_name, l_name) VALUES ($email, $pass, $f_name, $l_name)";

to:

$query  = "INSERT INTO users( email, `password`, f_name, l_name) VALUES ('$email', '$pass', '$f_name', '$l_name')";

Explanation: When to use single quotes, double quotes, and backticks in MySQL

Then:

mysqli_query($success, $db);
mysqli_query($success, $query);
mysqli_close($success);

to:

mysqli_query($link, $db);
mysqli_query($link, $query);
mysqli_close($link);

And finally:

mysqli_query($link, $query);

to:

$result = mysqli_query($link, $query);
    if (!$result) {
        echo '<pre>';
        var_dump(mysqli_error_list($link));
        echo '</pre>';
    }

(for debugging purposes)

Explanation:

Sorry about my (poor) English

All these replacements done ($success -> $link) because those functions requires link identifier which returned by mysqli_connect() or mysqli_init(), but you passing $success (bool value) http://php.net/manual/en/mysqli.query.php (Procedural style requirements)

Change:

$f_name = mysqli_real_escape_string($_POST['f_name']);
$l_name = mysqli_real_escape_string($_POST['l_name']);
$email = mysqli_real_escape_string($_POST['email']);
$pass = mysqli_real_escape_string($_POST['pass']);
$c_pass = mysqli_real_escape_string($_POST['c_pass']);

to

$f_name = mysqli_real_escape_string($link,$_POST['f_name']);
$l_name = mysqli_real_escape_string($link,$_POST['l_name']);
$email = mysqli_real_escape_string($link,$_POST['email']);
$pass = mysqli_real_escape_string($link,$_POST['pass']);
$c_pass = mysqli_real_escape_string($link,$_POST['c_pass']);

Explanation: mysqli_real_escape_string require link identifier returned by mysqli_connect() or mysqli_init(). http://php.net/manual/en/mysqli.real-escape-string.php (Procedural style requirements)

Community
  • 1
  • 1
konstantin.s
  • 1
  • 2
  • I would suggest adding some explanation as to how this would solve the OP's problem. – RamenChef Oct 22 '16 at 16:14
  • Thanks this worked but it fills up the database with empty information would you have any clue as to why it worked once changed and how i can fix it from sending across no information? – edward davies Oct 22 '16 at 19:13
  • Added some explanation. Empty values problem was fixed by proper using mysqli_real_escape_string() function http://php.net/manual/en/mysqli.real-escape-string.php (Procedural style requirements) – konstantin.s Oct 22 '16 at 19:45