0

PHP form sending data but SQL shows zeros in all columns.

I checked my code is correct and it prints the result but when I am sending this data to database all the column shows 0 in result. Date of birth is just showing year not complete date.

This is the result of the SQL:

enter image description here

This is my PHP code:

<?php 
        include('../dbcon.php');     //database included
        if (isset($_POST['signup'])) {

        $uname = $_POST['uname'];
        $email = $_POST['email'];
        $fname = $_POST['firstname'];
        $lastName = $_POST['lastname'];
        $dob = $_POST['dob'];
        $gender = $_POST['gender'];
        $password = $_POST['password'];

        $qry = "INSERT INTO `registration`(`uname`, `email`, `fname`, `lname`, `dob`, `gender`, `password`) VALUES ('$uname','$email','$fname','$lastName','$dob','$gender','$password')" ; //query taken from the select section of sql form registration.
        $run = mysqli_query($dbcon, $qry); //run variable for running the query. $dbcon is database variable 

        if ($run == true) {
            echo "data inserted";    
        }
        else
        {
            echo "error occurred in registration";
        }
}
?>
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Irfan Khan
  • 107
  • 5
  • 17
  • Are you inserting the date using 'YYYY-MM-DD' format?. You might want to use prepared statements https://www.w3schools.com/php/php_mysql_prepared_statements.asp If I did understand correctly rows get inserted but colums are populated with zeroes?. Can you add a select * from table after an insert? Did you check inserted data matches columns data types? – sms Jun 12 '18 at 21:09
  • basic debug steps: make sure error checking and display are on, echo variables. –  Jun 12 '18 at 21:23
  • No I am inserting the data to sql, I have checked html code is correct. all the names of the columns are correct. I have selected the the query from query section in sql, insert . – Irfan Khan Jun 12 '18 at 21:52
  • What is the error in my above code? what I can add to this code? – Irfan Khan Jun 12 '18 at 21:53
  • I would guess your MySQL column types are wrong. Probably integer and you are trying to insert text. – Rok D. Jun 12 '18 at 21:56
  • check this post https://stackoverflow.com/questions/1215368/how-to-get-the-mysql-table-columns-data-type to check your columns data types and add them to the question please – sms Jun 12 '18 at 22:03
  • Yes Good Answer. Problem resolved. In table I was not mention the type of the data. Now everythig is ok Thanks alo Rok D. – Irfan Khan Jun 12 '18 at 22:22
  • 1
    You are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements, rather than concatenating variables into your query. See [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). – elixenide Jun 12 '18 at 23:16

2 Answers2

1

As others pointed out, you are not escaping your code, so when anyone uses a name or password with a single quote, that person has full control of your database. So don't use PHP-variables in SQL-commands and don't use mysqli. Use PDO and prepared statements. They automatically escape everything and even check for the correct datatype (at least a bit).

TO answer your question, what is the structure of the table (which columns are varchar, int, date,... any unique constrains,...) and can you post one example dataset, which you can't insert with your code?

DataVader
  • 740
  • 1
  • 5
  • 19
0

try

$qry = "INSERT INTO `registration`(`uname`, `email`, `fname`, `lname`, `dob`, `gender`, `password`) VALUES (".$uname.",".$email.",".$fname.",".$lastName.",".$dob.",".$gender.",".$password.")" ;

if no work check before send query

$qry = "INSERT INTO `registration`(`uname`, `email`, `fname`, `lname`, `dob`, `gender`, `password`) VALUES (".$uname.",".$email.",".$fname.",".$lastName.",".$dob.",".$gender.",".$password.")" ;
dd($qry);
Eder Barrios Camargo
  • 43
  • 6