0

I face problem while connecting to database. always getting message ( "message":"Unable to save the data to the database." ) when i execute register to my local server.

register.php

  <?php
     error_reporting(0);
      require "init.php";

$fname = $_POST["name"];
$lname = $_POST["password"];
$qualifiers = $_POST["qualifiers"];
$signature = $_POST["signature"];


$sql = "INSERT INTO user_info (id,Fname, Lname, Qualifiers, SigNature) VALUES (NULL, '".$fname."', '".$lname."', '".$qualifiers."', '".$signature."');";
if(!mysqli_query($con, $sql)){
    echo '{"message":"Unable to save the data to the database."}';
}
?>

init.php 

    <?php

error_reporting(0);

$db_name = "app";
$mysql_user = "root";
$mysql_pass = "";
$server_name = "localhost";

$con = mysqli_connect($server_name, $mysql_user, $mysql_pass, $db_name);

if(!$con){
    echo '{"message":"Unable to connect to the database."}';
}

?>
jassim
  • 9
  • 1
  • 6
  • 1
    You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde May 18 '18 at 13:20
  • 1
    Your script is at risk of [SQL Injection Attack](//stackoverflow.com/questions/60174) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](//stackoverflow.com/questions/5741187) Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde May 18 '18 at 13:20
  • am just creating a demo test for my app at this time. – jassim May 18 '18 at 13:21
  • **Never store plain text passwords!** Please use **[PHP's built-in functions](http://php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)**. Make sure you **[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde May 18 '18 at 13:23
  • `error_reporting(0);` isn't going to help you when debugging. Set it to `error_reporting(-1);` instead. – Qirel May 18 '18 at 13:24
  • Even if it is a demo, you should do it the proper way to begin with - doing it the right way from the get-go will learn you how to do it properly, instead of having to learn it twice over. – Qirel May 18 '18 at 13:24
  • i got this error Notice: Undefined index: name in C:\xampp\htdocs\myfile\register.php on line 6 Notice: Undefined index: password in C:\xampp\htdocs\myfile\register.php on line 7 Notice: Undefined index: qualifiers in C:\xampp\htdocs\myfile\register.php on line 8 Notice: Undefined index: signature in C:\xampp\htdocs\myfile\register.php on line 9 {"message":"Unable to save the data to the database."} – jassim May 18 '18 at 13:28
  • Using prepared statements has the added benefit of bypassing the need to quote your variables. Even if you ignore the SQL injection issue because "it's just for testing", you can't ignore the benefit of never having to worry about quoting issues. – aynber May 18 '18 at 13:29
  • the thing is i dont know php a lot so am following one tutorial on this , while i need to submit demo app just for testing. so if i need to modify my code to worked at this time. need solution. (thanks for advanced) – jassim May 18 '18 at 13:31
  • https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef – aynber May 18 '18 at 13:31
  • i just need modifiecation of my code. – jassim May 18 '18 at 13:41

0 Answers0