0

I am using wamp server.I am trying to store the data which user fill in my form.But i don't know why its not getting added. These are my php files:(all files wrote in notepad++)

init.php:

<?php
$host = "localhost";
$db_user = "harsh";
$db_password = "password";
$db_name = "user_db";

 $con = mysqli_connect($host,$db_user,$db_password,$db_name);

?>

register1.php:

<?php
require "init.php";

$name = $_POST["name"];
$adharnumber = $_POST["adharnumber"];
$email = $_POST["email"];
$password = $_POST["password"];
$contact = $_POST["contact"];

$sql="select * from individualuser_info where email like '".$email."';";

$result = mysqli_query($con,$sql);
$response = array();

    if(mysqli_num_rows($result)>0)
{
    $code = "reg_failed";
    $message = "User already exist....";
    array_push($response,array("code"=>$code,"message"=>$message));
    echo json_encode($response);
}
 else
{


    $sql = "insert into individualuser_info (`".$name."','".$adharnumber."','".$email."','".$password."','".$contact."');";
    $result = mysqli_query($con,$sql);
    $code = "reg_success";
    $message = "thank you .now you can login....";
    array_push($response,array("code"=>$code,"message"=>$message));
    echo json_encode($response);
}
mysqli_close($con);

?>

My form register_test.html:

<html>

<body>
<form action ="register1.php", method="post">
<table>
<tr>
<td>Name : </td><td><input type="text" name="name"/></td>
</tr>

<tr>
<td>Adhar number : </td><td><input type="text" name="adharnumber"/></td>
</tr>

<tr>
<td>Email:</td><td><input type="text" name="email"/></td>
</tr>

<tr>
<td>Password:</td><td><input type="password" name="password"/></td>
</tr>

<tr>
<td>Contact:</td><td><input type="text" name="contact"/></td>
</tr>

<tr>
<td><input type = "submit" value="Register"/></td>
</tr>

</table>
</form>
</body>
</html>

After making this files after starting wampserver when i am typing localhost/register_test.html in chrome url. It displays the form but unexpectedly in the email field it shows loacalhost automatically and in password field displays some password. And after filling the details when i click on register it shows message [{"code":"reg_success","message":"thank you .now you can login...."}]. But in database user_db in my individiualuser_info table no records gets added. Please help me to solve this.

dev
  • 69
  • 8
  • You display a success message but never actually check if the operation was successful. Take a look at `mysqli_error`. Your code is wide open to SQL injection, there's a good chance you have a syntax error. – David Apr 13 '17 at 22:25
  • Your problem is likely the extra ` character after the ( in your insert. But as David said please protect yourself from sql injection! http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Ryan Tuosto Apr 13 '17 at 22:26
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe. Also, if you view error-logs, they should have caught this - developing without errors set to show all is not smart. – junkfoodjunkie Apr 13 '17 at 22:46

0 Answers0