phpmyadmin db connection to a form in php

Question

I am having trouble connecting my php page to my database in PHPMyAdmin.. it is a sign up page, I am trying to insert the data into the table named admin but it is not working. And the output is as shown in the screenshot

output screenshot

<?php

$q= mysqli_connect("localhost","root","","saramadani");
if (mysqli_connect_errno())
{
echo("Error In connection");
}
else
{
  echo("<center><h1>Database Connected</h1>");
}


$ufname=($_POST['ufname']);
$ulname=($_POST['ulname']);
$username=($_POST['username']);
$uemail=($_POST['uemail']);
$umobile=($_POST['umobile']);
$password=($_POST['password']);
$sql="INSERT INTO admin(ufname,ulname,username,uemail,umobile,password)VALUES('$ufname','$ulname','$username','$uemail','$umobile','$password')";

if(mysqli_query($q,$sql))
{echo "<center><h1>Record added successfully</h1>";}

else

{echo "error in insertion";}
mysqli_close($q);


**And here is the form part code where the post function:**

<form action="signup1.php" method="post">

          <input type="text" name="ufname" required>

          <input type="text" name="ulname" required>

          <input type="text"  name="username" required>

          <input type="email" name="uemail" required>

          <input type="phone" name="umobile" required>

          <input type="password" name="password" required>
          <button type="submit">Sign up</button>
      </form>

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Nov 17 '17 at 22:31
**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Nov 17 '17 at 22:31

score 2 · Accepted Answer · answered Nov 17 '17 at 22:27

2

You are accessing the PHP file as a file:/// URL. PHP does not run in the browser - it needs an actual webserver. Since you're using XAMPP, it'll be somewhere at http://localhost/.

As a side note, phpMyAdmin has nothing to do with this. You're using MySQL - phpMyAdmin is just one (of many) ways to view/administrate a MySQL database.

answered Nov 17 '17 at 22:27

ceejayoz

176,543
40
303
368

Thank you, it was all about the localhost thing. I totally missed it. – Sara M. Nov 17 '17 at 22:35
1

@SaraM. I **strongly** encourage you not to ignore the comments left above. They are major security issues, and you should learn secure coding from the start rather than going "I'll fix that later". – ceejayoz Nov 17 '17 at 22:36

phpmyadmin db connection to a form in php

1 Answers1