-1

I am trying to create a signup form, but I am not able to get the user email into the SQL database.

Here's my HTML form code

```html
<form class="form-login" action="register.php" method="POST">
    <h2 class="form-login-heading">sign up now</h2>
    <div class="login-wrap">
        <input type="text" class="form-control" placeholder="First Name" name="first" autofocus>
        <br>
        <input type="text" class="form-control" placeholder="Last Name" name="last">
        <br>
        <input type="text" class="form-control" placeholder="Email" name="email">
        <br>
        <input type="text" class="form-control" placeholder="Username" name="username">
        <br>
        <input type="password" class="form-control" placeholder="Password" name="password">
        <label class="checkbox">
            <span class="pull-right">
                <a href="resetpassword.html"> Forgot Password?</a>

            </span>
        </label>
        <button class="btn btn-theme btn-block" type="submit"><i class="fa fa-lock"></i> SIGN UP</button>
        <hr>

        <div class="login-social-link centered">
            <p>or you can sign in via your social network</p>
            <button class="btn btn-facebook" type="submit"><i class="fa fa-facebook"></i> Facebook</button>
            <button class="btn btn-twitter" type="submit"><i class="fa fa-twitter"></i> Twitter</button>
        </div>
        <div class="registration">
            Don't have an account yet?<br/>
            <a class="" href="#">
                Create an account
            </a>
        </div>

    </div>

    <!-- Modal -->
    <div aria-hidden="true" aria-labelledby="myModalLabel" role="dialog" tabindex="-1" id="myModal" class="modal fade">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
                    <h4 class="modal-title">Forgot Password ?</h4>
                </div>
                <div class="modal-body">
                    <p>Enter your e-mail address below to reset your password.</p>
                    <input type="text" name="email" placeholder="Email" autocomplete="off" class="form-control placeholder-no-fix">

                </div>
                <div class="modal-footer">
                    <button data-dismiss="modal" class="btn btn-default" type="button">Cancel</button>
                    <button class="btn btn-theme" type="button">Submit</button>
                </div>
            </div>
        </div>
    </div>
    <!-- modal -->

</form>
```

Here's the PHP code that I am using. The following PHP code is only able to insert the first name, last name, username, and password, but the email is being left out. I tried the same PHP code on another form and that seemed to be working fine. Can someone explain where I am going wrong?

```php
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
```

The following is my SQL code to insert data into the database. The rest of the code that establishes the connection and everything seems to be working fine. So can someone tell me where I have gone wrong?

```php
$sql = "INSERT INTO registeredusers (FirstName,LastName,UserName,Email,Password) 
VALUES ('$first','$last','$username_lower','$email','$encryptedPWD')";
```

Here's the SQL structure:

```sql
CREATE TABLE `registeredusers` (
    `id` int(11) NOT NULL,
    `FirstName` varchar(50) NOT NULL,
    `LastName` varchar(50) NOT NULL,
    `UserName` varchar(50) NOT NULL,
    `Email` varchar(50) NOT NULL,
    `Password` varchar(255) NOT NULL,
    `ResetPassword` int(7) DEFAULT NULL,
    `friends` int(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```
Partharaj Deb
  • 864
  • 1
  • 8
  • 22
  • Please show us the structure of your `registeredusers` table (the CREATE syntax) – David Mar 07 '17 at 18:39
  • Off topic: I see your password var is named `$encryptedPWD`, [you should be hashing your passwords](http://stackoverflow.com/questions/326699/difference-between-hashing-a-password-and-encrypting-it) – castis Mar 07 '17 at 18:43
  • I just used the variable name encryptedPWD; it's actually being hashed –  Mar 07 '17 at 18:45
  • OK, hashing is not encryption and variable naming is important: Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as `PBKDF2`, `password_hash`, `Bcrypt` and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. But hashing is not encryption. – zaph Mar 07 '17 at 18:50
  • I am using Bcrypt –  Mar 07 '17 at 18:53
  • Bcrypt is good! `password_hash` and `password_verify` are also good and easy to use. Consider the comment to be for future developers reading this question. – zaph Mar 07 '17 at 18:57
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 07 '17 at 19:06
  • 1
    @Partharaj Deb gave you a good answer, and if that doesn't work, post the whole register.php – Mario Mar 07 '17 at 19:06
  • 1
    Do yourself a favor, simply place a `print_r($_POST)` or `var_dump($_POST)` in the PHP page which receives the form submission. Fill out your form, submit and look closely at the data printed to the screen. Familiarize yourself with how form data is posted to scripts, including what gets passed and what doesn't. – Jay Blanchard Mar 07 '17 at 19:07

1 Answer

5

As I see it, you have 2 inputs with name="email" inside a single form tag (in the Signup form and the Forgot password form). This is the only reason.

As a suggestion, you should use separate form tags or use different names for the email inputs.

Partharaj Deb
  • 864
  • 1
  • 8
  • 22
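
The overwrite this answer describes, together with the parameterized insert recommended in the comments on the question, as an added example that is not code from the answer or from the asker's register.php. The request bodies are constructed, `register()` is a hypothetical helper, and an in-memory SQLite database (PDO with `pdo_sqlite`) stands in for the MySQL table so the script runs offline.

```php
<?php
// Constructed request body for the form in the question: the signup email is
// filled in, and the modal's email input (inside the same <form>) is left empty.
$body = 'first=Ada&last=Lovelace&email=ada%40example.com&username=Ada'
      . '&password=correct+horse&email=';

// PHP fills $_POST by the same rules parse_str() applies: when a non-array
// field name repeats, the last occurrence overwrites the earlier one.
parse_str($body, $post);
var_dump($post['email']);

// Hypothetical handler: validate the email, then insert with placeholders.
function register(PDO $db, array $post): string
{
    // Reject the request instead of storing an empty or malformed address.
    $email = filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'rejected: invalid email';
    }
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO registeredusers (FirstName, LastName, UserName, Email, Password)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $post['first'], $post['last'], strtolower($post['username']), $email,
        password_hash($post['password'], PASSWORD_DEFAULT),
    ]);
    return 'stored: ' . $email;
}

// Assumption: SQLite in memory replaces the MySQL connection from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registeredusers (id INTEGER PRIMARY KEY, FirstName TEXT,
           LastName TEXT, UserName TEXT, Email TEXT, Password TEXT)');

// Submission from the form with two inputs named "email".
echo register($db, $post), "\n";

// Same submission once the modal sits in its own <form>: one email field only.
parse_str('first=Ada&last=Lovelace&email=ada%40example.com&username=Ada'
        . '&password=correct+horse', $fixed);
echo register($db, $fixed), "\n";
```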