0

I am having trouble with inserting data to mysql database using PHP below is my code:

  <!DOCTYPE html>
    <html>
    <head>

    <link type="text/css" rel="stylesheet" href="css/style.css">
    <title></title>
    </head>
    <body>
    <div id="container">
    <div class="login">
    <form method="post" action="login.php">
    <table>
    <tr>
    <td><h1>E-mail</h1></td>
    <td><h1>Password</h1></td>
    </tr>
    <tr>
    <td><input type="text" name="login_email" id="login_email"></td>
    <td><input type="password" name="login_password" id="login_password"></td>
    <td><input type="submit" name="submit" id="login" value="Login"></td>
    </tr>
    <tr>
    <td colspan="3"><?php if(isset($_GET['message'])){ echo "<h2>" 

.$_GET['message']. "</h2>"; } ?></td>
        </tr>
        </table>
        </form>
        </div>
        <div class="form">
        <form method="post" action="index.php">
        <table>
        <tr>
        <td colspan="2"><?php if(isset($successful)){ echo $successful; } ?></td>
        </tr>
        <tr>
        <td><input type="text" name="names" id="names" placeholder="First Name" value="<?php if(isset($_POST['names'])){echo $_POST['names'];} ?>"></td>
        <td><input type="text" name="surname" id="surname" placeholder="Last Name" value="<?php if(isset($_POST['surname'])){echo $_POST['surname'];} ?>"></td>
        </tr>
        <tr>
        <td><?php if(isset($errors['name'])){echo "<h2>" .$errors['name']. "</h2>"; } ?></td>
        <td><?php if(isset($errors['surname'])){echo "<h2>" .$errors['surname']. "</h2>"; } ?></td>
        </tr>
        <tr">
        <td colspan="2"><input type="text" name="email" id="email" placeholder="E-mail Address" value="<?php if(isset($_POST['email'])){echo $_POST['email'];} ?>"></td>
        </tr>
        <tr>
        <td colspan="2"><?php if(isset($errors['email'])){echo "<h2>" .$errors['email']. "</h2>"; } ?></td>
        </tr>
        <tr>
        <td colspan="2"><input type="password" name="password" id="pw" placeholder="Password"></td>
        </tr>
        <tr>
        <td colspan="2"><?php if(isset($errors['password'])){echo "<h2>" .$errors['password']. "</h2>"; } ?></td>
        </tr>
        <tr>
        <td colspan="2"><input type="password" name="confirm_password" id="cpw" placeholder="Confirm Password">
        </tr>
        <tr>
        <td colspan="2"><?php if(isset($errors['confirm_password'])){echo "<h2>" .$errors['confirm_password']. "</h2>"; } ?></td>
        </tr>
        <tr>
        <td><input type="submit" name="submit" id="submit" value="Sign Up"></td>
        </tr>
        </table>
        </form>
        </div>
        <div class="footer"></div>
        </div>
        <?php
        $con = mysqli_connect("localhost","root","","form_validation");
        $name1 = $_POST['name'];
        $surname1 = $_POST['surname']; //this is line 32 and so on...
        $email = $_POST['email'];
        $password = hash('sha256', $_POST['password']);
        function createSalt()
        {
        $string = md5(uniqid(rand(), true));
        return substr($string, 0, 3);
        }
        $salt = createSalt();
        $password = hash('sha256', $salt . $password);

        $search_query = mysqli_query($con, "SELECT * FROM members WHERE email = '$email'");
        $num_row = mysqli_num_rows($search_query);
        if ($num_row >= 1) {
    $errors['email'] = "Email address is unavailable.";
    } else {
    $sql = "INSERT INTO members(`fname`, `lname`, `email`, `salt`,      `password`)`VALUES ('$name1', '$surname1', '$email', '$salt', '$password')"`;
    $query = mysqli_query($con, $sql);
    $_POST['name'] = '';
    $_POST['surname'] = '';
    $_POST['email'] = '';
    $successful = "<h3> You are successfully registered.</h3>";

    }
    ?>
    </body>
    </html>

here are the errors:

Notice: Undefined index: name in C:\wamp64\www\form_validation\index.php on line 70

Notice: Undefined index: surname in C:\wamp64\www\form_validation\index.php on line 71

Notice: Undefined index: email in C:\wamp64\www\form_validation\index.php on line 72

Notice: Undefined index: password in C:\wamp64\www\form_validation\index.php on line 73

Cœur
  • 37,241
  • 25
  • 195
  • 267
Abz
  • 1
  • 4
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Feb 03 '17 at 15:28
  • Is that a typo at the end of your query? You have a back tick in there which doesn't belong. – Jay Blanchard Feb 03 '17 at 15:28
  • You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). – aynber Feb 03 '17 at 15:28
  • hi, thanks for the respond, at the moment am still new to php and i don't knwo where exactly i am going wrong, so i will appreciate if you can help me get past those errors – Abz Feb 03 '17 at 15:31
  • @Jay it's a typo, so can you help solve my problem please I am stuck, i just want to be able to send database using my form – Abz Feb 04 '17 at 08:30

0 Answers0