1

I'm a beginner and I am trying to learn PHP and SQL. I've written the code below so I can insert data into my database but I do not understand why it is not working. It loads and everything but when I click on the "Sign Up" button, it does nothing. Can someone help me figure it out?

<?php include 'config.php'; ?>

<?php
        if(isset($_POST['submit'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];


            $query = "INSERT INTO users1(username,password) VALUES ('$username','$password')";
            $result = mysqli_query($con,$query) or die ("problem inserting new product into database");
        }
    ?>

<!DOCTYPE html>
<html>
<head>
<title>Sign Up</title>

<style>


button {
    text-align:center;
    color: gray;
}
</style>

</head>

<body>
<h2>Sign Up</h2>
<h3>Enter your data to register</h3>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST">

    <label class="user-name">Username</label><input type="text" name="username" placeholder="Enter your username" autofocus required"><br><br>
    <label class="pass-word"> Password: </label><input type="password" name="pass" class="info" placeholder="Enter your Password" required ><br><br>

    <button class="lbutton" type="submit" value="Submit">Sign Up</button>
    <p>Already registered? <a href="login2.php">Login</a></p>

</body>
</html>
Daphne
  • 79
  • 2
  • 12
  • 3
    Your button needs `name="submit"` – CD001 Apr 27 '18 at 08:23
  • 2
    If you're just starting out, **now** would be a good time to look up [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and [password hashing](http://php.net/manual/en/function.password-hash.php) before bad habits set in ;) – CD001 Apr 27 '18 at 08:25
  • I'll definitely look it up – Daphne Apr 27 '18 at 08:29
  • On a side note, your labels need a `for` attribute – brombeer Apr 27 '18 at 08:33

3 Answers3

3

First of all

If form redirects you to the same page you can leave action parameter empty: action=""

Secondly

You check if variable $_POST['submit'] exists but none of your elements in form has name submit so it will never exist. Html form sends variables to array $_POST using names of fields as keys. If name is not given it is a number.

What to do

Add name="submit" to your submit button and that should work.

Change name="pass" to name="password" in your password input or change in php $_POST['password'] to $_POST['pass'].

Also close your form (</form>). Modern browsers close it automaticly but it is still incorrect.

Additional hints

Accessing $_POST directly is not a good practice. Here is a better solution: $username = filter_input(INPUT_POST, 'username') instead of $username = $_POST['username']

It is also a good idea to use filter_var function when inserting variables to SQL query. Example: $username = filter_var(FILTER_SANITIZE_STRING, $username)

Krzysztof Janiszewski
  • 3,763
  • 3
  • 18
  • 38
2

Try to close the form.

  <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" 
  method="POST">

 <label class="user-name">Username</label><input type="text" name="username" 
 placeholder="Enter your username" autofocus required"><br><br>
<label class="pass-word"> Password: </label><input type="password" 
name="pass" class="info" placeholder="Enter your Password" required ><br> 
<br>

 <button class="lbutton" type="submit" value="Submit">Sign Up</button>
 <p>Keni nje adrese? <a href="login2.php">Futu</a></p>
</form>
Tinchu
  • 23
  • 7
2

If you are doing this way, the submit button should have a name, which will include it in the post array.

<button class="lbutton" type="submit" name="submit" value="Submit">Sign Up</button>

On th form submit, post array is created for all the elements inside the form having a valid name attribute.

You also need to close <form></form>

Rahul Patel
  • 639
  • 6
  • 12