1

While creating my website, I was working on a Sign-Up and Login database when I ran into an error I can not seem to shake. While trying to store a users 'Name', 'Email', and 'Password' it is not being inserted into my MySQLi database.

Connections.php:

<?php 

$con = mysqli_connect("localhost", "root", "", "kappa-sigma");

?>

Index.php:

<?php require 'Connections/connections.php'?>
<?php 

    if (!$con) {
    die("Connection failed: " . mysqli_connect_error());
    }

    if(isset($_POST['Register'])) {

        session_start();
        $FName = $_POST['First_Name'];
        $LName = $_POST['Last_Name'];
        $Email = $_POST['Email'];
        $PW = $_POST['Password'];

        $sql = $con->query("INSERT INTO user (Fname, Lname, Email, Password)VALUES ('$FName','$LName','$Email','$PW')");
    }

?>

I am using WAMPserver and phpMyAdmin but after submitting the HTML form nothing is added to the kappa-sigma database.

Mason Salcido
  • 85
  • 6
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Feb 26 '17 at 04:00
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Feb 26 '17 at 04:00

0 Answers0