0

I have spent all night trying various different ways to connect my .php script to my localhost server, but I'm having no luck. I tried copying the socket script from MAMP homepage, and have also tried to use a script I found in another article on here, as well as a Youtube tutorial, but with no success.

It is a simple login form, which renders as it should on my webpage, but when I submit a form to the DB, no entries are made in the users table.

As I am very new to PHP I am out of ideas for what I believe should be a simple task. I will post the code below hopefully someone can see my error.

dbh.php:

<?php 

$conn = mysqli_connect("localhost", "root", "root", "authentication", "8889");

 if(!conn) {
die("Failed: " . mysqli_connect_error());
}


?>

signup.php:

<?php 

        include 'dbh.php';



        $uid = $_POST['uid'];
        $pwd = $_POST['last'];
        $pwd_again = $_POST['pwd_again'];

        #echo $first."<br>";
        #echo $last."<br>";
        #echo $uid."<br>";
        #echo $pwd ."<br>";

        $sql = "INSERT INTO user (uid, pwd, pwd_again) VALUES ('$uid', '$pwd' '$pwd_again')";

        $result = mysql_query($conn, $sql); 


        echo "<script type='text/javascript'>  window.location='main.php'; </script>";

        ?>

index.php:

<!DOCTYPE html>
    <html>
        <head>
        <?php include 'dbh.php';
     ?>
        </head> 
        <body>

    <div id="signUp">

        <form action="signup.php" method="POST">
            <input type="text" name="uid" placeholder="Username"><br>
            <input type="Password" name="pwd" placeholder="Password"><br>
            <input type="Password" name="pwd_again" placeholder="Confirm Password"><br>
            <button type="submit">Register</button>
         </form>

    </div>
        </body>
    </html>

Does anyone know what it could be?

Andrew
  • 33
  • 1
  • 7
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Feb 02 '17 at 02:33
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysql_error()`](http://php.net/manual/en/mysql.error.php) to get a detailed error message from the database. – John Conde Feb 02 '17 at 02:33
  • You have no field named `last` in the form. And why do you have the password in `first`, shouldn't that be the user's first name? – Barmar Feb 02 '17 at 02:37
  • I haven't addressed the threat of an SQJ injection yet because I can't even connect to the database myself. I have also changed the field values to reflect the variables and its not working either. No idea what could be going on – Andrew Feb 02 '17 at 02:48
  • if(!conn) { die("Failed: " . mysqli_connect_error()); } You have made a typo here. Its $conn. Not conn. – Saravanan Sampathkumar Feb 02 '17 at 03:01
  • @SaravananSampathkumar I have changed this to $conn, its still not updating my database, but there is also no error message showing, why could this be? – Andrew Feb 02 '17 at 03:07
  • Secondly, you have used mysql_query, but have made connection using mysqli_connect. So do mysqli_query instead of mysql_query. It'll work. – Saravanan Sampathkumar Feb 02 '17 at 03:10
  • @SaravananSampathkumar Ah yes, good man thank you! I had been staring at this for too long, couldn't see the obvious. Cheers! – Andrew Feb 02 '17 at 03:33
  • Glad I could help :) Cheers. – Saravanan Sampathkumar Feb 02 '17 at 03:34

0 Answers0