
I've started learning PHP and I'm stuck with the "input" in PHP. I'm about to build a signup.

This is a quote out of my "input" code (signup.php):

    <?php
    include_once 'header.php'
    ?>

    <section class="main-container">
        <div class="main-wrapper">
            <h2>Sign up</h2>
            <form class="signup-form" action="includes/signup.inc.php" method="POST">
                <input type="text" name="first" placeholder="First Name">
                <input type="text" name="last" placeholder="Last Name">
                <input type="text" name="e-mail" placeholder="e-mail">
                <input type="text" name="uid" placeholder="Username">
                <input type="password" name="pwd" placeholder="Password">
                <button type="submit" name="submit">
                    Sign up
                </button>
            </form>
        </div>
    </section>

    <?php
    include_once 'footer.php'
    ?>

This is the code (signup.inc.php) I want to start:

    <?php

    if (isset($_POST['submit'])) {

        include_once 'dbh.inc.php';

        $first = mysqli_real_escape_string($conn, $_POST['first']);
        $last = mysqli_real_escape_string($conn, $_POST['last']);
        $email = mysqli_real_escape_string($conn, $_POST['email']);
        $uid = mysqli_real_escape_string($conn, $_POST['uid']);
        $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

        //Error handlers
        //Check for empty fields
        if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
            header("Location: ../signup.php?signup=empty");
            exit();
        } else {...

This is my connection code (dbh.inc.php):

    <?php

    $user="root";
    $password="";
    $conn=mysqli_connect("localhost",$user,$password);

If I go to my website, click the sign up button and fill in the input boxes, I immediately get the "signup.php?signup=empty" message. Why are my variables empty?

Cygan
  • Stop assuming that because the submit is clicked that all the fields are set and exist, use `isset` and `empty` before you assign variables. ***Always*** validate/sanitize your user input and make use of prepared statements. If `uid` is a non-string then why are you escaping it? Is error reporting enabled? Are any errors shown/logged? Are you hashing your `pwd` field? Make use of `password_hash` if you aren't doing so already. – Script47 Sep 06 '17 at 14:03
  • you didn't choose a database – Funk Forty Niner Sep 06 '17 at 14:04
  • Tip: always use `var_dump($var)` for logging in your app! – Amir Fo Sep 06 '17 at 14:06
  • Don't rely on `mysqli_real_escape_string()` to prevent SQL injection, [it alone is not sufficient](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string). You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Sep 06 '17 at 14:12
  • It will not run because your was not set, so empty, that's why you get redirected to the empty page. Change `$email = mysqli_real_escape_string($conn, $_POST['email']);` to `$email = mysqli_real_escape_string($conn, $_POST['e-mail']);` and you are good to go. – Prince Adeyemi Sep 06 '17 at 14:19

2 Answers


At first glance it seems that $_POST['email'] returns empty because there is a typo in there. It should read $_POST['e-mail'] because its name in HTML is e-mail.

Script47
Phaze

Try this one: connect to the db as follows (dbh.inc.php):

    $servername = "localhost";
    $username = "root";
    $password = "";
    $Dbconnect = "db_Name";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $Dbconnect);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

In your PHP, then do as follows:

    include ('dbh.inc.php');

    // Read each field using the exact name attribute from the form
    $first = $_POST['first'];
    $last = $_POST['last'];
    $email = $_POST['e-mail'];
    $uid = $_POST['uid'];
    $pwd = $_POST['pwd'];

    if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
        header("Location: ../signup.php?signup=empty");
        exit();
    } else {...

Also, you have a typo: email should be `$email = $_POST['e-mail']`.

AutoTester213
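The checks recommended in the comments and answers above (confirm each field key exists, bind parameters instead of escaping, hash the password), as an added example that is not code from the question or from either answer. The helper names `missing_fields` and `insert_user`, the `users` table and its column names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the question or answers.
// Field names come from the form on this page; the `users` table is assumed.

// Return the expected field names that are absent or blank in the request.
function missing_fields(array $post, array $expected): array
{
    $missing = [];
    foreach ($expected as $name) {
        // Confirm the key exists before reading it; whitespace-only counts as blank.
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Insert one user with bound parameters, so input never becomes SQL text.
function insert_user(mysqli $conn, array $post): bool
{
    $email = filter_var(trim($post['e-mail']), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false; // reject a malformed address instead of storing it
    }
    $first = trim($post['first']);
    $last  = trim($post['last']);
    $uid   = trim($post['uid']);
    $hash  = password_hash($post['pwd'], PASSWORD_DEFAULT); // store only the hash
    $stmt  = $conn->prepare(
        'INSERT INTO users (first_name, last_name, email, uid, pwd_hash)
         VALUES (?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sssss', $first, $last, $email, $uid, $hash);
    return $stmt->execute();
}

// Constructed sample request, using the keys the form on this page submits.
$sample = ['first' => 'Ada', 'last' => 'Lovelace', 'e-mail' => 'ada@example.com',
           'uid' => 'ada', 'pwd' => 'constructed-sample-password', 'submit' => ''];

// Checking the names the form really uses, then the misspelled key from the question.
var_dump(missing_fields($sample, ['first', 'last', 'e-mail', 'uid', 'pwd']));
var_dump(missing_fields($sample, ['first', 'last', 'email', 'uid', 'pwd']));
```

In `signup.inc.php`, calling `missing_fields($_POST, ...)` before anything else and logging the returned names server-side points directly at a mismatched `name` attribute.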