
I have a registration form with some validation above, but it doesn't send any data to the database. It worked before, though, but then someone touched it and since then it doesn't work anymore. However, I am pretty sure that no changes have been made in this part. The validation works, and header location also sends me to pay.php when I submit the form. And I don't get any error message. It's kinda weird.

    if( !$error ){

    $query = "INSERT INTO `registration` (email, firstname, lastname, age, password, nationality) VALUES
    ('$email', '$fname','$lname','$age',$pass,'$nationality')";

    $result = mysqli_query($conn, $query);
    if ($result){
        $smsg ="Succesfull Registration";  
    } else{
      $fmsg ="User Registration Failed";
    }
    if (isset($_POST['btn-signup'])){    
     header("location:pay.php");  
    } 
}
Funk Forty Niner
  • Your code is likely vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Jun 02 '17 at 15:00
  • It looks like you might be storing plain text passwords. Don't do that. You should use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php) instead. If you're using a version of PHP prior to 5.5, do **not** use MD5 or SHA1 to hash passwords. Instead you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). – Alex Howansky Jun 02 '17 at 15:01
  • Unless your password is numeric or already enclosed in apostrophes (e.g. from `PDO::quote()`) then `$pass` should probably have `' ... '` around it... though, really, the whole thing should use a prepared statement with bound parameters as has been mentioned. – CD001 Jun 02 '17 at 15:20
  • Have you checked the $conn if it really has a connection with the DB? – Ralph John Galindo Jun 02 '17 at 15:29
  • Thank you guys. Yes, it was the missing ' ... ' around $pass. Now it's working. –  Jun 02 '17 at 17:59
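
The fix the comments recommend, as an added example that is not part of the original thread: a PDO prepared statement with bound parameters and `password_hash()`, with SQL errors surfaced and the redirect tied to a successful insert. The in-memory SQLite DSN, the table definition, the `registerUser` helper and the sample form values are assumptions made so the block runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the real database so the example runs offline;
// with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE registration (
    email TEXT PRIMARY KEY, firstname TEXT, lastname TEXT,
    age INTEGER, password TEXT, nationality TEXT)');

/** Hypothetical helper: insert one registration; false on a database error. */
function registerUser(PDO $pdo, array $in): bool
{
    $sql = 'INSERT INTO registration
              (email, firstname, lastname, age, password, nationality)
            VALUES (:email, :fname, :lname, :age, :pass, :nationality)';
    try {
        $stmt = $pdo->prepare($sql);
        return $stmt->execute([
            ':email'       => $in['email'],
            ':fname'       => $in['fname'],
            ':lname'       => $in['lname'],
            ':age'         => (int) $in['age'],
            // Store a salted hash, never the submitted password itself.
            ':pass'        => password_hash($in['pass'], PASSWORD_DEFAULT),
            ':nationality' => $in['nationality'],
        ]);
    } catch (PDOException $e) {
        error_log('Registration failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed sample input; the quotes would break a concatenated query.
$form = ['email' => 'pat@example.com', 'fname' => 'Pat', 'lname' => "O'Neil",
         'age' => '31', 'pass' => "pa'ss\"word", 'nationality' => 'IE'];

$ok  = registerUser($pdo, $form);
$row = $pdo->query('SELECT lastname, password FROM registration')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($ok, $row['lastname'], password_verify($form['pass'], $row['password']));

// A duplicate e-mail violates the primary key: the failure is logged and reported.
var_dump(registerUser($pdo, $form));

// In the page's flow, redirect only when the insert succeeded:
// if ($ok) { header('Location: pay.php'); exit; }
```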

0 Answers