0

this is my connect file which is error free but seems to not connect to my database. 

<?php
$username="root";$password="Abubba21";$database="posts";
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
mysql_close();
?>

Here is my code, I even have to put the php header at the bottom of the file because otherwise nothing will be displayed

<body>

<?php

 $db_host = "localhost";
 $db_username = "root"
 $db_pass = "Abubba21";
 $db_name = "accounts";

 try
 {
    $db = new PDO('mysql:host='.$db_host.';dbname'.$db_name,$db_username,$db_pass);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
    //$result = $db->query
 }
 catch(PDOException $e)
 {
    echo "Server error: ",$e->getCode()."invalid server";
 }
 $reg = @$_POST['reg'];

 $un = "";
 $pswd = "";
 $em = "";
 $em2 = "";
 $pswd2 = "";

 $un = strip_tags(@$_POST['username']);
 $pswd = strip_tags(@$_POST['password']);
 $em = strip_tags(@$_POST['email']);
 $pswd2 = strip_tags(@$_POST['password2']);
 $em2 = strip_tags(@$_POST['email2']);

 if($reg){
    if($em == $em2){

        $u_check = mysql_query("SELECT username FROM accounts WHERE username = '$un'");
        $check = mysql_num_rows($u_check);
        if($check==0){
            if($un&&$pswd&&$em&&$pswd2&&$em2){
                if($pswd == $pswd2){

                if(strlen($un)>25)
                {
                    echo "The maximum limit for the username is 25 characters.";

                }
                else
                {
                    if(strlen($pswd)>30||strlen($pswd)<5){
                    echo "Your password has to be between 5 and 30 characters.";
                }
                else
                {
                    $pswd = md5($pswd);
                    $pswd2 = md5($pswd2);
                    $query = mysql_query("INSERT INTO accounts VALUES ('','un','pswd','em')");
                    die("<h2>Welcome</h2> Log in to start");
                }   
                }
                }
                else
                {
                    echo "Your passwords don't match";
                }
                }
                else
                {
                    echo "You must fill in all fields";
                }
                }
                else
                {
                    echo "Username is already token";
                }
                }
                else
                {
                    echo "Your emails don't match";
                }
            }

?>



    <div class="body">


        <div class="register">
            <h1 class="heads">Register</h1><br><br><br><br>

            <form action="#" method="post">
                <div class="login">
                    <input type="text" name="username" value="" placeholder="Username ...">
                    <p />
                    <input type="password" name="password" value="" placeholder="Password ...">
                    <p />
                    <input type="password" name="password2" value="" placeholder="Password ...">
                    <p />
                    <input type="email" name="email" value="" placeholder="someone@somesite.com">
                    <p />
                    <input type="email" name="email2" value="" placeholder="someone@somesite.com">
                    <p />
                    <input type="submit" name="createaccount" value="Create Account">
                </div>
            </form>
        </div class="register">
        <div class="grad"></div>
        <div class="header">
            <div><span>Welcome</span></div> <br><br>
        </div>
        <br>
        <form action="home.php" method="post">
            <div class="login">
                <input type="text" name="username" value="" size="30" placeholder="username"><br>
                <input type="password" name="password" value="" size="30" placeholder="password">
                <input type="submit" name="login" value="Login"><br>

            </div>
        </form>
    </div>

    <?php include("connect.php"); ?>

abiel
  • 9
  • 4
  • Please indent your code this is hard to read. Are you using error reporting? You are open to SQL injections. `'un','pswd','em'` are strings, not variables, is that intentional? – chris85 Mar 12 '17 at 20:12
  • Yep, storing passwords as `md5()` and using `mysql` would say this script is over 10 years old. Time to grab a book and learn the standards of today. – Xorifelse Mar 12 '17 at 20:12

2 Answers2

0

I believe your query string is incorrect:

$query = mysql_query("INSERT INTO accounts VALUES ('','un','pswd','em')");

To:

$query = mysql_query("INSERT INTO accounts (\`my_column_name\`,\`another_column\`,\`etc\`,\`etc2\`) VALUES ('','un','pswd','em')");
chris85
  • 23,846
  • 7
  • 34
  • 51
Kirk Powell
  • 908
  • 9
  • 14
  • You don't need to specify columns. The ticks also shouldn't be escaped, not sure if that was for the code formatting here. – chris85 Mar 12 '17 at 20:22
  • Yes, the ticks had to be escaped to display them. I'm curious about where in the MySQL documentation it says that they are not required? – Kirk Powell Mar 12 '17 at 20:27
  • `If you do not specify a list of column names for INSERT ... VALUES or INSERT ... SELECT, values for every column in the table must be provided by the VALUES list or the SELECT statement. If you do not know the order of the columns in the table, use DESCRIBE tbl_name to find out.`-https://dev.mysql.com/doc/refman/5.7/en/insert.html – chris85 Mar 12 '17 at 20:28
  • @abiel Is your insert referencing each of the columns in your table, i.e. there are only four columns in your SQL table? – Kirk Powell Mar 12 '17 at 20:32
  • @dreamwalker yes that's correct – abiel Mar 12 '17 at 20:44
  • @abiel If this answer resolves your issue please mark it as accepted. If not please address the comments on your question. – chris85 Mar 12 '17 at 21:01
  • my database still does not save anything – abiel Mar 12 '17 at 21:04
  • would it help to reinstall phpmyadmin? – abiel Mar 12 '17 at 21:07
  • @abiel log into phpmyadmin and run your query on that table. if the query has any errors, phpmyadmin will tell you. If you don't have a query error ... look at the PHP access log in apache. – Kirk Powell Mar 12 '17 at 21:15
  • the access log is responsive is there something specific i should look for? – abiel Mar 12 '17 at 21:24
  • i'm getting this in my error log sorry for the length: [Sun Mar 12 17:22:46.862715 2017] [:error] [pid 5564:tid 1120] [client ::1:61042] PHP Fatal error: Uncaught Error: Call to undefined function mysql_connect() in C:\\Apache24\\htdocs\\connect.inc.php:62\nStack trace:\n#0 C:\\Apache24\\htdocs\\index.php(327): include()\n#1 {main}\n thrown in C:\\Apache24\\htdocs\\connect.inc.php on line 62, referer: http://localhost/index.php – abiel Mar 12 '17 at 21:29
  • @abiel So you are probably using PHP 7. You'll need to use `pdo` or `mysqli`. `mysql_` no longer exists. That information belongs in the question and you should address the comments on the question. – chris85 Mar 12 '17 at 23:06
  • here's my up dated code – abiel Mar 13 '17 at 00:01
  • $db_host = "localhost"; $db_username = "root" $db_pass = "Abubba21"; $db_name = "accounts"; try { $db = new PDO('mysql:host='.$db_host.';dbname'.$db_name,$db_username,$db_pass); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); //$result = $db->query } catch(PDOException $e) { echo "Server error: ",$e->getCode()."invalid server"; } – abiel Mar 13 '17 at 00:02
  • i just used pdo and now i'm getting this: – abiel Mar 13 '17 at 00:03
  • [Sun Mar 12 19:59:06.370206 2017] [:error] [pid 5564:tid 1120] [client ::1:64470] PHP Parse error: syntax error, unexpected '$db_pass' (T_VARIABLE) in C:\\Apache24\\htdocs\\index.php on line 209 – abiel Mar 13 '17 at 00:04
  • nvm i see the missed semicolon sorry – abiel Mar 13 '17 at 00:05
  • now it's catching errors : Server error: 0invalid server – abiel Mar 13 '17 at 00:14
0

The example code is using mysql_query function, but the connection is PDO. That is not going to work. Do not mix function calls from the database extensions. Pick one.

With PHP, there's three commonly used database interface extensions:

  • mysql_ do not use this for new code

  • MySQLi

  • PDO_ - supports MySQL and other databases

Please see the notice here:

http://php.net/manual/en/function.mysql-query.php

Warning This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
. mysqli_query()
. PDO::query()

http://php.net/manual/en/mysqlinfo.api.choosing.php

Do not mix function calls from the database interface extensions. That's not going to work.

MD5 hash is unsuitable for passwords. http://php.net/manual/en/faq.passwords.php

spencer7593
  • 106,611
  • 15
  • 112
  • 140