0

I am trying to insert records into a table but I am facing a problem on the isset function. I am unable to process the code.

In the following code the else statement is executed instead of the isset function. 

 <?php
if (isset($_POST['submit'])) {

    include_once 'dbh.inc.php';

    $firstname = mysqli_real_escape_string($conn, $_POST['firstname']);
    $surname = mysqli_real_escape_string($conn, $_POST['surname']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    $cpassword = mysqli_real_escape_string($conn, $_POST['cpassword']);
    $bdate = mysqli_real_escape_string($conn, $_POST['bdate']);
    $gender = mysqli_real_escape_string($conn, $_POST['gender']);

    if(empty($firstname) || empty($surname) || empty($email) || empty($username) || empty($password) || empty($cpassword) || empty($bdate) || empty($gender)) {
       header("Location: ../index.php?index=empty");
       exit();
    } else {
        $sql = "SELECT * FROM users WHERE username='$username'";
        $result = mysqli_query($conn,$sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck > 0) {
            header("Location: ../index.php?index=username already taken");
            exit();
        } else {
            // Hashing the password
            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
            //Insert users into the database
            $sql = "INSERT INTO users (id, firstname, surname, email, username, password, bdate, gender) VALUES ('', '$firstname', '$surname', '$email', '$username', '$password', '$bdate', '$gender');";
            mysqli_query($conn, $sql);
            header("Location: ../profile.php");
            exit();
        }
    }
} else {
    header("Location: ../index.php?index=error");
    exit();
}

Here is the front-end containing the "sign up" part:

<div class="container and">
  <div class="row">
    <div class="col-lg-6 pull-right">
 <div class="panel panel-default">
  <div class="panel-heading">
    <h3>Create a new account.</h3>
  </div>
   <div class="panel-body">
     <form id="loginform" action="includes/signup.inc.php" method="POST">
       <div class="row">
         <div class="form-group has-error col-md-6">
           <input type="text" class="form-control" name="firstname" placeholder="First Name">
         </div>
         <div class="form-group has-error col-md-6">
           <input type="text" class="form-control" name="surname" placeholder="Surname">
         </div>
       </div>
       <div class="row padding-top-10">
                    <div class="form-group has-error col-md-12">
                      <input type="text" class="form-control" name="email" placeholder="Email Address">
                    </div>
        </div>
       <div class="row padding-top-10">
         <div class="form-group has-error col-md-12">
           <input type="text" class="form-control" name="username" placeholder="Username">
         </div>
       </div>
         <div class="row padding-top-10">
           <div class="form-group has-error col-md-12 padding-top-10">
             <input type="password" class="form-control" name="password" placeholder="Password">
           </div>
         </div>
           <div class="row padding-top-10">
             <div class="form-group has-error col-md-12">
               <input type="password" class="form-control" name="cpassword" placeholder="Confirm Password">
             </div>
           </div>
         <div class="row padding-top-10">
           <div class="form-group has-error col-md-12">
             <h4>&nbsp;&nbsp; Birthday</h4>
             <input type="date" class="form-control" name="bdate" value="birthdate">
           </div>
         </div>
         <div class="row padding-top-10">
           <div class="form-group has-error col-md-6 padding-top-10">
             <div class="pull-right">
            Male: <input type="radio" name="gender" value="male" />
           </div>
           </div>
           <div class=" form-group has-error col-md-6 padding-top-10">
             Female: <input type="radio" name="gender" value="female">
           </div>
       </div>
       <div class="padding-top-10">
         <button class="btn btn-success" name="submit">Create Account</button>
       </div>
     </form>
   </div>
 </div>
</div>
</div>
</div>
Isma
  • 14,604
  • 5
  • 37
  • 51
gangesh
  • 3
  • 1
  • 1
    Have you done `var_dump($_POST);` to confirm that submit is in the POST global? – Matt Nov 10 '17 at 15:04
  • Clearly `$_POST['submit']` is not set. And I know this nitpicking, but `isset` is a language construct, not a function. – Andrei Nov 10 '17 at 15:05
  • 2
    Seeing that the `input` with name `"submit"` is a standard `button` and not a `type="submit"`, this suggests javascript somewhere is handling the form submit event (either ajax, or directly). Due to that, that value won't be included in the POST args. You would need to check on something that would be sent. A hidden form field with a value would work, or add an arg and value with the javascript action. Otherwise, question is too vague with missing code. – IncredibleHat Nov 10 '17 at 15:12
  • are you sure set the correct address php file in form.I mean here.
     – pedram shabani Nov 10 '17 at 15:12
  • Don't rely on `mysqli_real_escape_string()` to prevent SQL injection, [it alone is not sufficient](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string). You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Nov 10 '17 at 15:15
  • Try `` – Akshay N Shaju Nov 10 '17 at 15:26
  • Thanks for your comments I will edit the code as said – gangesh Nov 10 '17 at 16:03

1 Answers1

0

You missed the button type attribute which will be type="submit" If you didn't include this type attribute, the form will not submit data.

Your code:

<button class="btn btn-success" name="submit">Create Account</button>

It should be:

<button type="submit" class="btn btn-success" name="submit">Create Account</button>

If, this is not your problem, let me know! Thanks.

Anbuselvan Rocky
  • 606
  • 6
  • 22
  • 1
    "Note: If you use the ` – IncredibleHat Nov 10 '17 at 15:16
  • @gangesh make sure you specify the correct **action url** and just before checking the if isset submit condition. Just use **var_dump($_POST);** to check whether you getting the submit post data. Keep me updated, after checking this. :) – Anbuselvan Rocky Nov 11 '17 at 04:30
  • @Anbuselvan Rocky the action url is correct. As I am new to php please tell me where to put var_dump($_POST); thanks – gangesh Nov 11 '17 at 07:46
  • @gangesh Insert **var_dump($_POST);** just before `if (isset($_POST['submit'])) {` line of code. – Anbuselvan Rocky Nov 11 '17 at 07:57
  • @Anbuselvan Rocky nothing happened with this the block executes the else statement of the if (isset). after deleting the error message in else part it game me this output array(0) { } – gangesh Nov 11 '17 at 08:54
  • Let me have a look at your full source code. Facebook me the full code to fb.me/anburocky3 Thanks. – Anbuselvan Rocky Nov 11 '17 at 09:05