0

I am trying to create a register using php and phpmyadmin. I have got the post working and inserting the data into the table works too. What does work is this line ..

 $result = mysqli_query($conn, $sql);

I have tried to debug it using the following code but no errors come up. This is my register.php file. 

require_once('config1.php');

if(!$conn):
die('Connect Error (' . mysqli_connect_errno() . ') '. 
mysqli_connect_error());
endif;

if(isset($_POST) && !empty($_POST)) {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    $sql = "INSERT INTO 'zz_login' (username, email, password) VALUES ('$username', '$email', '$password')";
    $result = mysqli_query($conn, $sql);
    if($result) {
        echo "user registration successful";
    } else {
        mysqli_error($conn);
    }
}
;

This is my config file 

error_reporting(E_ALL);
ini_set('display_errors', '1');

$conn = mysqli_connect("localhost", "username", "password", "database"); 
if (!$conn) {
die("could not connect" . mysqli_connect_error($conn));
}

Not sure what is wrong, would really appreciate some help. Thanks in advance.

12__Dee
  • 11
  • 5
  • what is the error that is returned? – adamfowlerphoto Dec 12 '17 at 16:17
  • There are no errors that return, I mentioned that above. This is why I am so lost – 12__Dee Dec 12 '17 at 16:18
  • [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Dec 12 '17 at 16:19
  • **Never store plain text passwords!** Please use **PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)** (`password_hash()` and `password_verify()`) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). **It is not necessary** to [escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so _changes_ the password and causes unnecessary additional coding. – GrumpyCrouton Dec 12 '17 at 16:19
  • I know I am going to hash the passwords and make it more secure after I get the register fixed. But want to fix this problem before I progress – 12__Dee Dec 12 '17 at 16:20
  • So your code runs the echo "user registration successful" but nothing is added to the database – adamfowlerphoto Dec 12 '17 at 16:21
  • @12__Dee So you are going to write the code and get it working, then go back and completely rewrite the code to be more secure? Okay then... – GrumpyCrouton Dec 12 '17 at 16:21
  • Show us how `$conn` is created. – GrumpyCrouton Dec 12 '17 at 16:22
  • You don't need `isset()` and `!empty()`. https://stackoverflow.com/questions/4559925/why-check-both-isset-and-empty – GrumpyCrouton Dec 12 '17 at 16:24
  • @Spads No the echo "user registration successful" does not appear, but neither does any errors as I have tried to debug it using the code above. Once the "user registration successful" appears the information will be added to the database – 12__Dee Dec 12 '17 at 16:24
  • var_dump($result) and see what does it returns – Arun Kumaresh Dec 12 '17 at 16:25
  • @ArunKumaresh it returns undefined variable (my path) on line 23 (where i added var_dump($result) NULL – 12__Dee Dec 12 '17 at 16:32

1 Answers1

2

it looks like you have a sql-error and you forgot the echo command in front of mysqli_error simply try this:

if($result) {
    echo "user registration successful";
} else {
   echo mysqli_error($conn);
}
cabanni
  • 349
  • 5
  • 12
  • It is returning this error now Incorrect integer value: 'pass123' for column 'password' at row 1 pass123 was the password I entered when creating the users details – 12__Dee Dec 12 '17 at 16:29
  • if this happens your talbe zz_login especialy the row "password" has the wrong type it should be type of string and not integer, you have to change your table. – cabanni Dec 12 '17 at 16:34