
I'm using the below tutorial and have read through and searched multiple SO questions without any luck solving this.

https://www.youtube.com/watch?v=e8TP2FERKls&index=39&list=PL0eyrZgxdwhwBToawjm9faF1ixePexft-

I've checked for small syntax errors like missing quotes, semicolons, etc. and haven't found any errors.

I've also confirmed that all my variables echo properly. It's the last step of saving the information in my database on phpmyadmin. I'm using Xampp.

Tried to solve this for hours. I'd greatly appreciate any feedback.

index.php (I just copied and pasted the form to not post the entire front-end code).

```html
<form action="signup.php" method="post">

<input type="text" name="name" placeholder="First and Last Name">
<input type="text" name="email" placeholder="Email Address">
<input type="text" name="mobilephone" placeholder="Mobile Phone Number">
<input type="password" name="pwd" placeholder="Password">
<input type="password" name="pwd2" placeholder="Repeat Password">
<input type="text" name="haddress" placeholder="Home Address">
<input type="text" name="eaddress" placeholder="Employer Address">
<input type="text" name="vyear" placeholder="Vehicle Year">
<input type="text" name="vmake" placeholder="Vehicle Make">
<input type="text" name="vmodel" placeholder="Vehicle Model"> <br/>
<button type="submit">Sign Up!</button>

</form>
```

signup.php

```php
<?php
include 'dbh.php';

$name = $_POST['name'];
$email = $_POST['email'];
$mobilephone = $_POST['mobilephone'];
$pwd = $_POST['pwd'];
$pwd2 = $_POST['pwd2'];
$haddress = $_POST['haddress'];
$eaddress = $_POST['eaddress'];
$vyear = $_POST['vyear'];
$vmake = $_POST['vmake'];
$vmodel = $_POST['vmodel'];

$sql = "insert into customer (name, email, mobilephone, pwd, pwd2,
haddress, eaddress, vyear, vmake, vmodel)

values ('$name', '$email', '$mobilephone', '$pwd', '$pwd2',
'$haddress', '$eaddress', '$vyear', '$vmake', '$vmodel',)";

$result = mysqli_query($conn, $sql);

header("Location: index.php");
?>
```

dbh.php

```php
<?php

$conn = mysqli_connect("localhost", "root", "", "oilbizsignup");

if (!$conn) {
    die("Connection failed: ".mysqli_connect_error());  /* tells us error message if we fail connection */
}

?>
```
DeWr3cK
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 14 '17 at 15:59
  • Thank you and yes I plan on it. As you can probably tell I'm newer to back-end programming in general. Just trying to get the basic features to work first. – DeWr3cK Apr 14 '17 at 16:05
  • Fixed, foolish syntax error with a comma after my last variable within VALUES. – DeWr3cK Apr 14 '17 at 18:42
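
The prepared-statement approach recommended in the first comment, applied to this page's `signup.php`, as an added example that is not code from the original post. It assumes `customer.pwd` is wide enough for a hash (for example `VARCHAR(255)`) and that the `pwd2` column is dropped or nullable, since the repeated password is only compared, not stored.

```php
<?php
// Added example: signup.php with a bound-parameter INSERT (not the poster's code).
// Assumptions: customer.pwd is VARCHAR(255); pwd2 is no longer written.

// Make mysqli throw exceptions, so a malformed statement (such as a stray
// comma in VALUES) stops the script with a message instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

require 'dbh.php'; // provides $conn, as on the page

$fields = ['name', 'email', 'mobilephone', 'haddress', 'eaddress',
           'vyear', 'vmake', 'vmodel'];

// Collect the text fields; a missing field becomes an empty string.
$data = [];
foreach ($fields as $f) {
    $data[$f] = trim((string)($_POST[$f] ?? ''));
}

$pwd  = (string)($_POST['pwd']  ?? '');
$pwd2 = (string)($_POST['pwd2'] ?? '');

// The repeated password is only a form check; it is never written to the table.
if ($pwd === '' || $pwd !== $pwd2) {
    http_response_code(400);
    exit('Passwords are empty or do not match.');
}

// Store a salted hash, not the password itself.
$hash = password_hash($pwd, PASSWORD_DEFAULT);

// Placeholders keep user input out of the SQL text entirely.
$sql = 'INSERT INTO customer
          (name, email, mobilephone, pwd, haddress, eaddress, vyear, vmake, vmodel)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)';

$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param(
    $stmt, 'sssssssss',
    $data['name'], $data['email'], $data['mobilephone'], $hash,
    $data['haddress'], $data['eaddress'],
    $data['vyear'], $data['vmake'], $data['vmodel']
);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);

header('Location: index.php');
exit;
```

At login, the stored value would be checked with `password_verify()` rather than compared as a string.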

0 Answers