User registration on PHP with MySQL

Question

I create a simple code for user registration, and when user submit the data was not recorded to MySQL.

Here is my logic code

<?php
    $username = $_POST["user"];
    $password = $_POST["pass"];
    $confirmPassword = $_POST["repass"];
    $email = $_POST["email"];

    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $confirmPassword = stripcslashes($confirmPassword);
    $email = stripcslashes($email);

    $con = mysqli_connect('localhost', 'root', '', 'dbtest');
    if($con->connect_error)
    {
        echo"<script type='text/javascript'>alert('connection to database failed!')</script>";
    }
    else
    {
        $query = mysqli_query($con, "INSERT INTO 'user'('Username', 'Password', 'Email') VALUES('$username', $password', '$email')");
        echo "You are successfully registered!";
    }
    $con->close();
?>

Is there something that I missed?

What errors are you getting? - Turn on error reporting and start debugging. — Epodax, Apr 04 '17 at 09:50
What's the problem exactly? Does the code stop somewhere, does it give you an error? Have you attempted to debug it already? — GiamPy, Apr 04 '17 at 09:50
when user submit their data it not giving any error, and the `echo "You are successfully registered!";` work just fine @hungrykoala — Albert Henderson, Apr 04 '17 at 09:58
It is not a doublicate, because there are more Errors as only the single quotes — Jens, Apr 04 '17 at 10:05

Jens · Accepted Answer · 2017-04-04T09:58:56.693

4

You have to remove the single quotes arround the column names and table names, because mysql will interpret these as strings, not as table/column names

  $query = mysqli_query($con, "INSERT INTO `user` (Username, `Password`, Email) VALUES('$username', $password', '$email')");

Also you should use prepared Statements to prevent SQL injection.

You should ask for errors after executing SQL Statements (mysqli_error())

Userand password are reserved words in mysql. To escape These , use backticks or better rename the table and the column. For more informations about keywords read the mysql documentation

edited Apr 04 '17 at 09:58

answered Apr 04 '17 at 09:52

Jens

67,715
15
98
113

I've tried to remove the quotes, and the data still not recorded to database – Albert Henderson Apr 04 '17 at 09:56
@AlbertHenderson then use backticks – Jens Apr 04 '17 at 09:57
I've change using backticks for the table name and column, and not work too – Albert Henderson Apr 04 '17 at 12:00
@AlbertHenderson has you added `mysqli_error, to see what error message you get? – Jens Apr 04 '17 at 12:24
OK i just added `mysqli_error($con)` and it show up the error `Error Description: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '', 'albert@henderson.com')' at line 1` @Jens – Albert Henderson Apr 04 '17 at 14:12
Hey dude now it works just fine, and user inputted data now recorded, thanks a lot for your explanation @Jens – Albert Henderson Apr 04 '17 at 14:25

KittyCat · Answer 2 · 2017-04-04T10:03:00.530

This should work, its safer now and your passwordconfirm works.

<?php
$username        = $_POST["user"];
$password        = $_POST["pass"];
$confirmPassword = $_POST["repass"];
$email           = $_POST["email"];

$username        = stripcslashes($username);
$password        = stripcslashes($password);
$confirmPassword = stripcslashes($confirmPassword);
$email           = stripcslashes($email);

$con = mysqli_connect('localhost', 'root', '', 'dbtest');
$query = sprintf("INSERT INTO user ('Username', 'Password', 'Email') VALUES ('%s', '%s', '%s')", $username, $password, $email);

if($password == $confirmPassword)
{
    $result = mysqli_query($con, $query)
    if($result)
    {
        echo "You are successfully registered!";
    }
    else
    {
        echo "Something went wrong.";
    }
    $con->close();
}
else
{
    echo "The passwords you entered didn't match.";
}

?>

I used sprintf() to make the query and checked it with mysqli_query(). It also checks if the passwords match. Regards - Raul.

It doesn't work. single qoutes arround column names – Jens Apr 04 '17 at 10:02 — Jens, Apr 04 '17 at 10:02

User registration on PHP with MySQL

2 Answers2