1

Here is my HTML form:

  <form action="PHP/Signup.php" method="POST">

    <input type="text" name="FirstName" placeholder="Firstname" required="true"><br><br>
    <input type="text" name="MiddelName" placeholder="Middelname"><br><br>
    <input type="text" name="LastName" placeholder="Lastname" required="true"><br><br>
    <input type="text" name="Username" placeholder="Username" required="true"><br><br>
    <input type="password" name="Password" placeholder="Password" required="true"><br><br>
    <input type="email" name="Email" placeholder="Email address" required="true"><br><br>
    <input type="text" name="Phone" placeholder="Phone number"><br><br>
    <input type="text" name="Class" placeholder="Enter your class code eks. 2MKA" required="true"><br><br>
    <button type="submit">SIGN UP</button>

  </form>

and here is my PHP code (PHP/Signup.php):

 <?php
session_start();
include 'PHP/ConfigMamp.php';

$FirstName = $_POST['FirstName'];
$MiddelName = $_POST['MiddelName'];
$LastName = $_POST['LastName'];
$Username = $_POST['Username'];
$Password = $_POST['Password'];
$Email = $_POST['Email'];
$Phone = $_POST['Phone'];
$Class = $_POST['Class'];

//Test to see if the form actually gets posted
//echo $FirstName. "<br>";
//echo $MiddelName. "<br>";
//echo $LastName. "<br>";
//echo $Username. "<br>";
//echo $Password. "<br>";
//echo $Email. "<br>";
//echo $Phone. "<br>";
//echo $Class. "<br>";


$sql = "INSERT INTO Users
(FirstName, MiddelName, LastName, Username, Password, Email, Phone, Class) VALUES
('$FirstName', '$MiddelName', '$LastName', '$Username', '$Password', '$Email', '$Phone', '$Class')";
$result = mysqli_query($conn, $sql);

header("Location: ../index.php");
 ?>

The lines I commented out were to test if the data was sent from one page to another, and I did receive the data, but when I tried sending it to SQL, it didn't reach or didn't get saved there. Can someone help me?

and here is the "PHP/ConfigMamp.php" file:

<?php
$Server = "localhost";
$Username = "root";
$Password = "root";
$Database = "BjerkeWeb";

// Create connection
$conn = mysqli_connect($Server, $Username, $Password, $Database);

// Check connection
// Remove mysqli_connect_error() after testing, leaves vulnerability to sql injection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "<a style='
color: green;
position: absolute;
bottom: 40px;
right: 40px;
'>Connected successfully to the database</a>";
?>
Mike Lischke
Aj_Uthaya
  • Does `mysqli_error($conn)` tell you anything? How about your PHP logs? You never check for errors, so it could be failing and you're just ignoring it. (The fact that the code is wide open to SQL injection certainly isn't helping, since your SQL query could really be anything at this point.) – David May 08 '17 at 18:23
  • 1
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 08 '17 at 18:24
  • 1
    **Never** store plain text passwords. You should use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php) instead. If you're using a version of PHP prior to 5.5, do **not** use MD5 or SHA1 to hash passwords. Instead you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). – Alex Howansky May 08 '17 at 18:24
  • Try putting ini_set('display_startup_errors', 1); ini_set('display_errors', 1); error_reporting(-1); then commenting out the last line header("Location: ../index.php"); and see what it spits out – Jake May 08 '17 at 18:25
  • 1
    Your config and PHP file are both in the same directory. Use `include 'ConfigMamp.php';` – Rohan Khude May 08 '17 at 18:25
  • @RohanKhude I think you mean `include 'ConfigMamp.php';` but good catch – Jake May 08 '17 at 18:28
  • @Jake yes, i just to use `include('ConfigMamp.php')` – Rohan Khude May 08 '17 at 18:30
  • @RohanKhude Nice catch, write the same as answer and i will credit you, thank you all for the help:) – Aj_Uthaya May 08 '17 at 18:34

1 Answer

0

The config file you have included in your Signup.php is in the same directory, PHP/.

This might work:

include ('ConfigMamp.php');

Note: mysql is deprecated, you might get SQL injection. You must use PDO or mysqli.

Rohan Khude
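The fixes raised in the comments and the answer, combined into one hardened version of `PHP/Signup.php`. This is an added example, not code from the asker or any commenter; it assumes PHP 7.4 or later, the `Users` table and `$conn` from the question, and a `Password` column wide enough for the hash.

```php
<?php
// Added example, not the asker's code. Assumes the Users table and the
// ConfigMamp.php shown in the question (it must define $conn).

// Report mysqli failures as exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Resolve the include relative to this file, not the working directory.
require __DIR__ . '/ConfigMamp.php';

// Read one POST field; anything that is not a plain string counts as empty.
$field = fn(string $n): string => is_string($_POST[$n] ?? null) ? $_POST[$n] : '';

$in = [];
foreach (['FirstName', 'MiddelName', 'LastName', 'Username', 'Email', 'Phone', 'Class'] as $name) {
    $in[$name] = trim($field($name));
}
$password = $field('Password'); // never trimmed or otherwise altered

// Server-side checks mirroring the form's "required" attributes.
$missing = array_filter(['FirstName', 'LastName', 'Username', 'Email', 'Class'],
    fn($n) => $in[$n] === '');
if ($missing || $password === '' || filter_var($in['Email'], FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Missing or invalid signup fields.');
}

// Store a salted hash, never the password itself. Assumes the Password
// column is wide enough for the hash (the PHP manual suggests 255 chars).
$hash = password_hash($password, PASSWORD_DEFAULT);

try {
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare(
        'INSERT INTO Users
         (FirstName, MiddelName, LastName, Username, Password, Email, Phone, Class)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('ssssssss', $in['FirstName'], $in['MiddelName'], $in['LastName'],
        $in['Username'], $hash, $in['Email'], $in['Phone'], $in['Class']);
    $stmt->execute();
} catch (mysqli_sql_exception $e) {
    error_log('Signup insert failed: ' . $e->getMessage()); // details stay in the log
    http_response_code(500);
    exit('Signup failed.');
}
header('Location: ../index.php'); // fails if anything was printed before this
exit;
```

Because `ConfigMamp.php` as posted echoes a "Connected successfully" link, the `header()` redirect only works if that output is removed or output buffering is enabled.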