0

ive been struggling with this for hours now. i have a 2 step registraton form and transfered all input to session variables and they all work on the second step. however, when i try to insert data to the second table nothing gets stored and i cannot figure out why. 

    <?php
include ("encrypt.php");
$conn =  mysqli_connect($servername, $dbuser, $dbpassword, $dbname);
$problem = '';
$firstName = $_SESSION['firstName'] ;
$lastName = $_SESSION['lastName'];
$email = $_SESSION['email'];
$username= $_SESSION['username'];
$password= $_SESSION['password'];

$pass = encrypt($password);


if(isset($_POST["mysubmit"]) && ($_POST["mysubmit"]=="Submit Form")){
$dOb = mysqli_real_escape_string  ($conn, $_POST["eventDate"]);
$difficulty = mysqli_real_escape_string  ($conn, $_POST ["difficultyCatagory"]);
$club = mysqli_real_escape_string  ($conn,$_POST["clubSelect"]);
echo $dOb, $difficulty, $club, $firstName, $lastName, $email, $username,$password, $pass;



mysqli_autocommit($conn,FALSE);

mysqli_query($conn,"INSERT INTO userBMX (username,password) VALUES ('$username', '$pass')");

mysqli_query($conn,"INSERT INTO userDetailsBMX(userID, firstName, lastName, email, dateofBirth, Status, club) 
VALUES (last_insert_id(),'$firstName','$lastName','$email','$dOb','$difficulty','$club')");

mysqli_commit($conn);

echo 'stored';
/*header ("Location: login.php");*/
}
else{
    echo "ERROR: was not able to execute $conn. " . mysqli_error($conn);
}

?>
Nick
  • 138,499
  • 22
  • 57
  • 95
Matthew Gibson-storey
  • 1
  • Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. – RiggsFolly May 02 '18 at 19:38
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly May 02 '18 at 19:38

0 Answers0