0

I made a simple registration form. How should i edit this form to add something like : user_id, or date_created? When i add user_id column to PHPMyAdmin, the user can't register, but when i have only the values : 'First Name' ; 'Last Name' ; 'Email' ; 'Password' inside database ,everything works.

    <!DOCTYPE html>
<html>
<head>
    <title>Registration</title>
</head>
<body>
<?php
$lclhost = "localhost";
$pass = "";
$root = "root";
$database = "regis";
$con=mysqli_connect ("$lclhost", "$root", "$pass") or die("connection fail".mysql_error());
mysqli_select_db($con, $database) or die("database fail".mysql_error());
?>
<form method="get">
    First Name : <input type="text" name="fname"><br>
    Last Name : <input type="text" name="lname"><br>
    Email: <input type="text" name="email"><br>
    Password: <input type="Password" name="password">
    <input type="submit" name="btnsubmit">
</form>
<?php 
if (isset($_GET['btnsubmit']))
{
    $fname = $_GET['fname'];
    $lname = $_GET['lname'];
    $email = $_GET['email'];
    $password = $_GET['password'];
    $registration = "INSERT INTO tbl_info values ('".$fname."','".$lname."','".$email."','".$password."')";
    mysqli_query($con,$registration);
    echo "Succes!";
}
?>
</body>
</html>
Nicolae
  • 86
  • 6
  • Is ur id on autoincrement? – Ashwin Golani Mar 20 '17 at 08:35
  • adding `user_id` column on the db makes the code not working simply because that field also needs a value. what you must do is to add user_id field on your html view and send it over with the rest of the inputs. – Semi-Friends Mar 20 '17 at 08:37
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Mar 20 '17 at 08:40

1 Answers1

0

Because of your query doesnt specify columns, mysql will only work if the number of column values you provided is exactly the same as the number of columns in the database.

Adding an extra column to the database will cause the query to break because the number of columns is not longer the same.

You have two options:

OPTION 1: Add column names in your query: 

 "INSERT INTO tbl_info(Firstname, Lastname, EmailAddress, Password)   
  values ('".$fname."','".$lname."','".$email."','".$password."')";

OPTION 2: Always make sure the number of columns in the database is exactly the same as the number of values you provide in your query

NB: If you have an auto-increament id field, you do not have to include it for the first option because it will auto-add value whenever you insert a record. But you do need to include it for the second option, pass empty string or null as a value

Luthando Ntsekwa
  • 4,192
  • 6
  • 23
  • 52