-4

Hi, I am trying to make a registration form that sends input data to phpMyAdmin's database I created. I think I mixed up MySQLi and MySQL; any suggestions on how to fix it would be great! I just don't understand why my data is not being sent over to the database on phpMyAdmin.

PHP:

// connect to database
$db = mysqli_connect("127.0.0.1", "root", "", "user logins");

if (isset($_POST['register_btn'])) {
    $firstName = mysql_real_escape_string($_POST['firstName']);
    $lastName = mysql_real_escape_string($_POST['lastName']);
    $emailAddress = mysql_real_escape_string($_POST['emailAddress']);
    $password = mysql_real_escape_string($_POST['password']);
    $password2 - mysql_real_escape_string($_POST['password2']);
}

if ($password == $password2) {
    // create user
    $password = md5($password); //hash password before storing for security
    $sql = "INSERT INTO user logins(firstName, lastName, emailAddress, password) VALUES('$firstName', '$lastName' '$emailAddress', '$password')";
    mysqli_query($db, $sql);
    $_SESSION['message'] = "You are now logged in";
    $_SESSION['username'] = $username;
    header('location: homepage.html'); //redirect to homepage
} else {
    $_SESSION['message'] = "The two passwords do not match";
}
?>

HTML:

<link rel="stylesheet" type="text/css" href="custom.css">

<body class="background">
<div>
    <h1 class="header1">Sign in Below</h1>
</div>
<div>
    <form action="connect.php" method="post">
        <div>
            <label for="firstName">First Name:</label>
            <input type="text" name="first_name" id="firstName">
        </div>
        <div>
            <label for="lastName">Last Name:</label>
            <input type="text" name="last_name" id="lastName">
        </div>
        <div>
            <label for="emailAddress">Email Address:</label>
            <input type="email" name="email" id="emailAddress">
        </div>
        <div>
            <label for="password">Password:</label>
            <input type="password" name="password" id="password">
        </div>
        <div>
            <label for="password2">Repeat Password:</label>
            <input type="password" name="password2" id="password2">
        </div>
        <input type="submit" name="register_btn" value="register">
    </form>
</div>
</body>
Your Common Sense
joe
  • 1
    First, replace all `mysql` syntax you have with its counterpart in `mysqli` – Carl Binalla Aug 08 '17 at 02:36
  • 1
    MD5 is considered broken for security purposes and is not sufficient for password hashing. Use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php) instead. If you're using a version of PHP prior to 5.5, you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). – Alex Howansky Aug 08 '17 at 02:37
  • 1
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Aug 08 '17 at 02:38
  • As someone who dealt with a lot of MySQL and PHP, I'll just say: use PDO. You will thank me later. It will be a slight pain to grasp how it works, but it's worth it. – user2914191 Aug 08 '17 at 02:40
  • This `md5($password)` I could break in, oh, about 25 minutes, probably less. Especially if I use my 54gb server ... The only question: do I use a rainbow table, or a dictionary ... – ArtisticPhoenix Aug 08 '17 at 05:29

3 Answers

0

I don't think "user logins" is a valid table name. Change it to "user_logins", or at the very least, use the quote ` around the table name.

INSERT INTO `user logins`(

OR

INSERT INTO user_logins(

For the second one, you have to rename the table in phpMyAdmin. As a general rule, you want to quote table names no matter what, because sometimes your table name is a MySQL-reserved keyword. It's just good practice.

Also, the 4th parameter in mysqli_connect is database name. So is your database named "user logins"? Don't confuse table name with database name.

user2914191
0
  • Have you put in a password?
  • Is your database on your local machine?
  • Is your database table called user logins (with a space)?
  • Is root your login?
  • Is your PHP file called connect.php?
  • Any error messages?
  • What happens when you click the form button?

Sorry just a few things that crossed my mind that might help determine the problem.

You may just need to remove the following curly bracket

  $password2 - mysql_real_escape_string($_POST['password2']);
 }

and add it at the end of your file so it runs with your isset() function

     $_SESSION['message'] = "The two passwords do not match";
 }
  }
   ?>
O Grant
-1

Solved (a small mistake):

This line is not an assignment:

$password2 - mysql_real_escape_string($_POST['password2']);

to

$password2 = mysql_real_escape_string($_POST['password2']);

( - ) must be converted to (=)
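
Added example (not part of any answer or comment above, and not the asker's code): one way to combine the fixes raised in this thread, using mysqli throughout, a prepared statement with bound parameters, `password_hash()` instead of `md5()`, and a table name without a space. The database `app`, the account `app_user`, the `DB_PASSWORD` environment variable, the `register.html` page and the `password VARCHAR(255)` column are assumptions; the `$_POST` keys are the `name` attributes of the form in the question.

```php
<?php
// Added example, not code from the thread. Assumed names: database "app",
// account "app_user", env var DB_PASSWORD, page register.html, and a table
// user_logins(firstName, lastName, emailAddress, password VARCHAR(255)).
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $db, array $post): string
{
    // Read only string values; the keys are the name="" attributes of the form.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $first = trim($field('first_name'));
    $last  = trim($field('last_name'));
    $email = filter_var($field('email'), FILTER_VALIDATE_EMAIL);
    $pw    = $field('password');

    if ($first === '' || $last === '' || $email === false) {
        return 'Please fill in all fields with a valid email address';
    }
    // Strict comparison: == would treat numeric strings like "1e3" and "1000" as equal.
    if ($pw === '' || $pw !== $field('password2')) {
        return 'The two passwords do not match';
    }

    // Salted, deliberately slow hash instead of md5().
    $hash = password_hash($pw, PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare(
        'INSERT INTO `user_logins` (firstName, lastName, emailAddress, password)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $first, $last, $email, $hash);
    $stmt->execute();
    return '';
}

if (isset($_POST['register_btn'])) {
    session_start();
    $db = new mysqli('127.0.0.1', 'app_user', getenv('DB_PASSWORD') ?: '', 'app');
    $db->set_charset('utf8mb4');
    $error = register_user($db, $_POST);
    $_SESSION['message'] = $error === '' ? 'You are now registered' : $error;
    header('Location: ' . ($error === '' ? 'homepage.html' : 'register.html'));
    exit;
}
```

At login, the stored hash is checked with `password_verify($submitted, $row['password'])`; the hash is never recomputed and compared as a string.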