0

I'm using phpmyadmin and MySql for a project. This is the php file for the signup page.

<?php

include 'dbh.php';

$username = $_POST['username'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$inst_id = $_POST['inst_id'];

$sql = "INSERT INTO register ( 'username', 'email', 'pass', 'inst_name' ) VALUES('$username','$email','$pass','$inst_id')";
$result = mysqli_query($conn,$sql);

header("Location: index.html");

?>

I am not getting any error, but the data is not getting inserted into the table. When I try entering the data manually into the table and then loging in, it works. This is the code for the login page

<?php

include 'dbh.php';


$email= $_POST['email'];
$pass = $_POST['pass'];

$sql = "SELECT * FROM register WHERE email='$email' AND pass='$pass'";
$result = mysqli_query($conn,$sql);

if (!$row = mysqli_fetch_assoc($result)){
    echo "INCORRECT!";
}
else{
    //$session_id['id']=$row['id'];
    echo "YAYYY";
}

//header("Location: index.html");

Please help! Thanks in advance!!

Poornima Sivakumar
  • 1
  • 1
    You don't get any errors because you don't check for them in your code – John Conde Jan 05 '17 at 17:28
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Jan 05 '17 at 17:28
  • 1
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make surey ou ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jan 05 '17 at 17:28

0 Answers0