0

This code I have written is not putting the input into my database on MySQL. I watched a youtube video on how to make a registration form and this is the code (just trying to understand it better) but I don't know why mine isn't sending into my database.

PHP: 

<?php
session_start();

// connect to database
$db = mysqli_connect("127.0.0.1", "root", "", "user logins");

if (isset($_POST['register_btn'])) {
    $firstName = mysql_real_escape_string($_POST['firstName']);
    $lastName = mysql_real_escape_string($_POST['lastName']);
    $emailAddress = mysql_real_escape_string($_POST['emailAddress']);
    $password = mysql_real_escape_string($_POST['password']);
    $password2 - mysql_real_escape_string($_POST['password2']);
}

if ($password == $password2) {
    // create user
    $password = md5($password); //hash password before storing for security
    $sql = "INSERT INTO user logins(firstName, lastName, emailAddress, password) VALUES('$firstName', '$lastName' '$emailAddress', '$password')";
    mysqli_query($db, $sql);
    $_SESSION['message'] = "You are now logged in";
    $_SESSION['username'] = $username;
    header('location: homepage.html'); //redirect to homepage
} else {
    $_SESSION['message'] = "The two passwords do not match";
}
?>

HTML:

<link rel="stylesheet" type="text/css" href="custom.css">

<body class="background">
<div>
    <h1 class="header1">Sign in Below</h1>
</div>
<div>
    <form action="connect.php" method="post">
        <div>
            <label for="firstName">First Name:</label>
            <input type="text" name="first_name" id="firstName">
        </div>
        <div>
            <label for="lastName">Last Name:</label>
            <input type="text" name="last_name" id="lastName">
        </div>
        <div>
            <label for="emailAddress">Email Address:</label>
            <input type="email" name="email" id="emailAddress">
        </div>
        <div>
            <label for="password">Password:</label>
            <input type="password" name="password" id="password">
        </div>
        <div>
            <label for="password2">Repeat Password:</label>
            <input type="password" name="password2" id="password2">
        </div>
        <input type="submit" name="register_btn" value="register">
    </form>
</div>
</body>
Marc Delisle
  • 8,879
  • 3
  • 29
  • 29
joe
  • 1
  • You're combining MySQL and MySQLi, which is invalid syntax, and which is also why your query is not working. Also, `md5()` is **very** insecure; consider using [**prepared statements**](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) to prevent [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) :) – Obsidian Age Aug 07 '17 at 20:10
  • ***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Aug 07 '17 at 20:12

0 Answers0