I'm trying to take 'username' as form input from users and insert it into a MySQL database. But I'm unable to do so. Please tell me what is wrong with my code.

HTML Form:

```html
<form method="POST" action="action.php">
  <div class="row">
    <div class="col-md-3">
      <div class="form-group">
        <label>Username</label>
        <input name="username" id="username" type="text" class="form-control" placeholder="Username">
      </div>
    </div>
  </div>
  <button type="submit" class="btn btn-info btn-fill pull-right">Update Profile</button>
  <div class="clearfix"></div>
</form>
```

action.php:

```php
<?php

$con = mysqli_connect('localhost', 'id1753243_venom', 'roushan123');

if(!$con)
{
   echo 'Not connected to the server';
}
if (!mysqli_select_db($con,'users'))
{
   echo 'Database not selected';
}

$username = $_POST['username'];

$sql = "INSERT INTO users (username) VALUES ('$username')";

if(!mysqli_query($con,$sql))
{
   echo 'Not inserted';
}
else
{
   echo 'Inserted';
}

header("refresh:2; url=user.php");
?>
```

When I submit the form, it gives me a "Not inserted" error. I tried to find a solution but failed. I was hoping some of you can look into the above code and help me out here! Thanks.

After adding some error reporting I get

Fatal error: Uncaught mysqli_sql_exception: Access denied for user 'id1753243_venom'@'%' to database 'users' in /storage/ssd1/243/1753243/public_html/login-system/action.php:20 Stack trace: #0 /storage/ssd1/243/1753243/public_html/login-system/action.php(20): mysqli_query(Object(mysqli), 'INSERT INTO use...') #1 {main} thrown in /storage/ssd1/243/1753243/public_html/login-system/action.php on line 20

RiggsFolly
VenoM
  • Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. Then tell us what error you are getting – RiggsFolly Jun 29 '17 at 15:34
  • $sql = "INSERT INTO users (username) VALUES ($username)"; – Hothi Jimit Jun 29 '17 at 15:34
  • Or add `echo $con->error; exit;` instead of the useless `echo 'Not inserted';` – RiggsFolly Jun 29 '17 at 15:35
  • Well, for starters, let's not allow SQL injection. Cause if someone like [Bobby Tables](https://xkcd.com/327/) comes along, you're gonna have a fun time. – ctwheels Jun 29 '17 at 15:36
  • Your code is _**wide open** to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection)_. Don't build queries by sticking strings together. Instead, use [prepared statements](http://php.net/manual/en/pdo.prepare.php) with [parameter binding](http://php.net/manual/en/pdostatement.bindparam.php). – ChrisGPT was on strike Jun 29 '17 at 15:36
  • Use mysqli_error($con) to find out if there is an error – Jens Jun 29 '17 at 15:37
  • Fatal error: Uncaught mysqli_sql_exception: Access denied for user 'id1753243_venom'@'%' to database 'users' in /storage/ssd1/243/1753243/public_html/login-system/action.php:20 Stack trace: #0 /storage/ssd1/243/1753243/public_html/login-system/action.php(20): mysqli_query(Object(mysqli), 'INSERT INTO use...') #1 {main} thrown in /storage/ssd1/243/1753243/public_html/login-system/action.php on line 20 – VenoM Jun 29 '17 at 15:41
  • So you have not given this userid the rights to use that database – RiggsFolly Jun 29 '17 at 15:41

1 Answer

action.php should look like this

```php
<?php
$con = mysqli_connect('localhost', 'id1753243_venom', 'roushan123', 'users');
if(!$con)
{
   echo 'Not connected to the server';
}
$username = $_POST['username'];
$sql = "INSERT INTO users (username) VALUES ('".$username."')";

$insert = mysqli_query($con,$sql);

if(!$insert)
{
   echo 'Not inserted';
}
else
{
   echo 'Inserted';
}
header("refresh:2; url=user.php");
?>
```

Please let me know if there is any issue after that.

Your SQL query should look like this:

```php
$sql = "UPDATE users SET username = '".$username."' WHERE id = 1";
```
Binayak Das
  • And that change will make No Difference at all, as OP's original query syntax was just fine and easier to read than yours – RiggsFolly Jun 29 '17 at 15:46
  • It worked, but I'm trying to make a profile page here and this username blank is supposed to save in the username row for the logged in user but instead it makes a new row & saves below the username column. – VenoM Jun 29 '17 at 15:51
  • You need to change the connection string like this: `mysqli_connect('localhost', 'id1753243_venom', 'roushan123', 'users');`. What you have written is used in mysql, not mysqli – Binayak Das Jun 29 '17 at 15:52
  • Your solution worked, but I want the username to save in the same row as the user and not make a new row – VenoM Jun 29 '17 at 15:55
  • For that you need to write update query not insert query. – Binayak Das Jun 29 '17 at 15:58
  • If you have a session then you should use the session in the WHERE condition. Also, please give a positive vote, so that we will be motivated to help you more here and also in the future. – Binayak Das Jun 29 '17 at 16:03
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jun 29 '17 at 16:16
  • Why accept this answer? It was not what your problem was!!!!! Problem was access issue – RiggsFolly Jun 29 '17 at 16:16
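
The profile update that the comments point toward, written with a mysqli prepared statement and a session-scoped `WHERE` clause. This is an added example, not code from the question, the answer or any commenter. It assumes the login code stored the user's primary key in `$_SESSION['user_id']`, that the `users` table has the `id` column used in the answer's `UPDATE`, that connection settings come from hypothetical `DB_*` environment variables, and a 64-character username limit.

```php
<?php
// Added example, not code from the thread. Assumptions: the login code put
// the user's primary key in $_SESSION['user_id']; DB_HOST, DB_USER, DB_PASS
// and DB_NAME are hypothetical environment variables holding the settings.
session_start();

// Make mysqli throw exceptions instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Only a logged-in user may change a profile, and only via POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Not allowed');
}

// Basic shape check; the 64-byte limit is an assumed column size.
$username = trim((string)($_POST['username'] ?? ''));
if ($username === '' || strlen($username) > 64) {
    http_response_code(400);
    exit('Invalid username');
}

try {
    $con = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $con->set_charset('utf8mb4');

    // The value is sent separately from the SQL text, so quotes in
    // $username cannot change the statement.
    $stmt = $con->prepare('UPDATE users SET username = ? WHERE id = ?');
    $id = (int)$_SESSION['user_id'];   // row comes from the session, not the form
    $stmt->bind_param('si', $username, $id);
    $stmt->execute();
    $message = $stmt->affected_rows === 1 ? 'Updated' : 'Nothing changed';
} catch (mysqli_sql_exception $e) {
    // Details (paths, DB user, SQL) go to the server log, not the browser.
    error_log('profile update failed: ' . $e->getMessage());
    http_response_code(500);
    $message = 'Update failed';
}

// Headers must be sent before any output.
header('Refresh: 2; url=user.php');
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
```

An "Access denied ... to database" exception like the one in the question would land in the `catch` branch and in the server log; it is fixed by granting the account rights on the database, not by changing the query.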