
I am sorry to disturb you all. I am a newbie and trying to learn PHP on my own. Maybe I can use my app at my class for assignment submission.

The problem is:

My registration page works well and doesn't return any error. However, it doesn't save to the database.

Here is my code:

    <html>
    <head>
        <title>Welcome to My Writing Center</title>
    </head>
    <body>
        <h2>Here you can register to submit your essays</h2>
        <a href="index.php">Click here to go back to home page</a><br/><br/>
        <form action="sregister.php" method="POST">
           Username: <input type="text" name="username" required="required" /> <br/>
           Password: <input type="password" name="password" required="required" /> <br/>
           First Name: <input type="text" name="firstName" required="required" /> <br/>
           Last Name: <input type="text" name="lastName" required="required" /> <br/>
           E-mail address: <input type="email" name="email" required="required" /> <br/>
           Address: <input type="text" name="address" /> <br/>
           <input type="submit" value="Register"/>
        </form>
    </body>
    </html>
    <?php
    $db_name="writingcenter"; // Database name 
    $table_users="users"; // Table name 
    $dbc = mysqli_connect("localhost", "root", "", $db_name);
    if($_SERVER["REQUEST_METHOD"]== "POST"){
        $username = mysqli_real_escape_string($dbc,$_POST["username"]);
        $password = mysqli_real_escape_string($dbc,$_POST["password"]);
        $firstName = mysqli_real_escape_string($dbc,$_POST["firstName"]);
        $lastName = mysqli_real_escape_string($dbc,$_POST["lastName"]);
        $email = mysqli_real_escape_string($dbc,$_POST["email"]);
        $address = mysqli_real_escape_string($dbc,$_POST["address"]);
        $bool = true;
        mysqli_connect("localhost", "root") or die(mysql_error()); //Connect to Server
        mysqli_select_db($dbc,$db_name) or die("Cannot connect to DB"); //connect to db
        $query = mysqli_query($dbc,"SELECT * FROM users");
        while($row = mysqli_fetch_array($query))
        {
            $table_users = $row["username"];
            if($username == $table_users)
            {
                $bool = false;
                Print "<script>alert('User name has already been takens!');</script>";
                Print "<script>window.location.assign('sregister.php');</script>";
            }
            $table_users = $row["email"];
            if($email == $table_users)
            {
                $bool = false;
                Print "<script>alert('This email address has already been registered. Please log in using your email address!');</script>";
                Print "<script>window.location.assign('sregister.php');</script>";
            }
        }
        if($bool)
        {
            mysqli_query($dbc,"INSERT INTO `users`(`username`, `password`, `firstName`, `lastName`, `email`, `address`) VALUES ($username, $password, $firstName, $lastName, $email, $address)");
            Print "<script>alert('User successfully registered.');</script>";
            Print "<script>window.location.assign('login.php');</script>";
        }
    }
    ?>

Could you please help me to find out where I am going wrong?

Thanks for your help!

Best,

MRGDRK
  • When `mysqli_query()` returns `false` (which you need to check for), use `mysqli_error()` to get the actual error message from the database. What you have is a variety of syntax errors in your SQL code. Which, incidentally, you wouldn't have if you were using prepared statements with query parameters. As an added bonus, that would also protect you from SQL injection (to which your current code is potentially vulnerable). You're just getting started, but there's no time like the present to learn. – David Sep 03 '17 at 19:16
  • *"My registration page works well and doesn't return any error. However, it doesn't save to database."* - That's a contradiction. – Funk Forty Niner Sep 03 '17 at 19:18
  • `mysql_error()` - that doesn't work/mix with the `mysqli_` api. – Funk Forty Niner Sep 03 '17 at 19:19
  • @Fred-ii- It works great apart from the place where it doesn't work at all! – tadman Sep 03 '17 at 19:23
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.4/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text**. – tadman Sep 03 '17 at 19:24
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you’re doing it properly. – tadman Sep 03 '17 at 19:24
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")`. The procedural interface is an artifact from the PHP 4 era when the `mysqli` API was introduced and should not be used in new code. – tadman Sep 03 '17 at 19:24
  • The `alert()` plus JavaScript redirect approach is something that fell out of favor in the 1990s. You really need a better way of presenting error messages than that. – tadman Sep 03 '17 at 19:25
  • Thanks a lot for your invaluable comments. Actually I would like to create a portal where I can help my students to submit their essays. I checked WordPress and couldn't find a suitable plugin which helps me to get what I am dreaming of. So I thought I can learn PHP and do it. I also found Laravel is very good at such apps. Do you think I can learn it? – MRGDRK Sep 03 '17 at 19:31
  • "Don't write x because a framework already does it" is an asinine notion. – deg Sep 03 '17 at 21:52
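
The points raised in the comments (bound parameters instead of escaping, database errors surfaced instead of ignored, hashed passwords, a server-side redirect instead of `alert()`), put together as an added example; it is not code from the question or from any commenter. The function name `register_user` and the `error` query parameter are hypothetical, and the `password` column is assumed to be wide enough for a hash.

```php
<?php
// Added example, not the asker's code. Assumes the question's `users` table,
// with `password` wide enough for a hash (e.g. VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function register_user(mysqli $db, array $in): string
{
    // Required fields must be non-empty strings; address is optional.
    foreach (['username', 'password', 'firstName', 'lastName', 'email'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key]) || $in[$key] === '') {
            return 'missing_field';
        }
    }
    $username  = $in['username'];
    $email     = $in['email'];
    $firstName = $in['firstName'];
    $lastName  = $in['lastName'];
    $address   = is_string($in['address'] ?? null) ? $in['address'] : '';

    // Ask the database for a clash instead of looping over every row in PHP.
    $check = $db->prepare('SELECT username FROM users WHERE username = ? OR email = ?');
    $check->bind_param('ss', $username, $email);
    $check->execute();
    $check->bind_result($foundUser);
    $clash = null;
    while ($check->fetch()) {
        $clash = strcasecmp($foundUser, $username) === 0 ? 'username_taken' : 'email_taken';
    }
    $check->close();
    if ($clash !== null) { return $clash; }

    // Store a hash, never the plain password; placeholders carry the values.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);
    $insert = $db->prepare('INSERT INTO users (username, password, firstName, lastName, email, address) VALUES (?, ?, ?, ?, ?, ?)');
    $insert->bind_param('ssssss', $username, $hash, $firstName, $lastName, $email, $address);
    $insert->execute();
    return 'ok';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('localhost', 'root', '', 'writingcenter'); // values from the question
    $db->set_charset('utf8mb4');
    $result = register_user($db, $_POST);
    // `error` is a hypothetical query parameter for sregister.php to display.
    header('Location: ' . ($result === 'ok' ? 'login.php' : 'sregister.php?error=' . $result));
    exit;
}
```

This block has to run before any HTML is sent, because `header()` cannot set the redirect once output has started. The login page must then check passwords with `password_verify()` against the stored hash.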

0 Answers