-3

i need help with my code. I am trying to insert users details into my database after registration but the details are not inserted into the chosen table.

amongst the items that are being inserted into the table, 4 values are automatically generated.

below is the php code for processing the form and inserting the values into the database, please let me know why the values are not getting inserted. Thank you.

<?php
$msg = "";

    if(isset($_POST['add'])){
        
        $name = addslashes($_POST['name']);
        $email = addslashes($_POST['email']);
        $number = addslashes($_POST['number']);
        $address = addslashes($_POST['address']);
        $balance = addslashes($_POST['balance']);
        $username = addslashes($_POST['username']);

            function generateAccountString($length = 10) 
            {

                $characters = '0123456789';
                $charactersLength = strlen($characters);
                $randomString = '';

                for ($i = 0; $i < $length; $i++) 
                {

                    $randomString .= $characters[rand(0, $charactersLength - 1)];

                }

                return $randomString;

            }

            $account = generateAccountString();

            function generateAccessString($length = 6) 
            {

                $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
                $charactersLength = strlen($characters);
                $randomString = '';

                for ($i = 0; $i < $length; $i++) 
                {

                    $randomString .= $characters[rand(0, $charactersLength - 1)];

                }

                return $randomString;

            }

            $access = generateAccessString();

            function generatePasswordString($length = 8) 
            {

                $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
                $charactersLength = strlen($characters);
                $randomString = '';

                for ($i = 0; $i < $length; $i++) 
                {

                    $randomString .= $characters[rand(0, $charactersLength - 1)];

                }

                return $randomString;

            }

            $password = generatePasswordString();

            function generateCotString($length = 6) 
            {

                $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
                $charactersLength = strlen($characters);
                $randomString = '';

                for ($i = 0; $i < $length; $i++) 
                {

                    $randomString .= $characters[rand(0, $charactersLength - 1)];

                }

                return $randomString;

            }

            $cot = generateCotString();

        if($name != "" && $email != "" && $username != "" && $address != "" && $number != "" && $balance != ""){

            $_SESSION['name'] = $name;
            $_SESSION['email'] = $email;
            $_SESSION['number'] = $number;
            $_SESSION['address'] = $address;
            $_SESSION['balance'] = $balance;
            $_SESSION['username'] = $username;
            $_SESSION['cot'] = $cot;
            $_SESSION['access'] = $access;
            $_SESSION['account'] = $account;
            $_SESSION['password'] = $password;

            $sql = "INSERT INTO `user`(`name`, `email`, `number`, `address`, `acc-no`, `balance`, `username`, `password`, `cot`, `access`) VALUES ('$name','$email','$number','$address','$account','$balance','$username','$password','$cot','$access')";
            
            if (mysqli_query($con, $sql)) {
            header ('Location: successful');
            }
            else{
                $msg = "Something went wrong, please try again.";
            }

            
        } else { 
        $msg = "Please Fill Out All Fields!"; 
        }
    }   

?>

I'd appreciate any insight.

Ola Kazeem
  • 11
  • 6
  • 1
    any output you get might be helpful, if there is none, maybe add some debug outputs. Also: your code is vulnerable to sql injections. – Jakumi Jul 23 '18 at 21:19
  • 1
    "Also: your code is vulnerable to sql injections" indeed @Jakumi vulnerable to second order SQL injections (stored) or blind SQL injection where you misuse MySQL's SLEEP() function to probe for information like used table (one charakter at a time) used columns (one charakter at a time) if you know those you can probe for a valid username and password (one charakter at a time). So topicstarter you better fix that by reading https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Raymond Nijland Jul 23 '18 at 21:27
  • 1
    You should read on SQL injection – E_p Jul 23 '18 at 21:27
  • 2
    Instead of just printing "Something went wrong", why don't you print the error message from `mysqli_error($con)`? – Barmar Jul 23 '18 at 21:31
  • @Barmar thanks. that helped me find out what was wrong. – Ola Kazeem Jul 23 '18 at 22:04

1 Answers1

0

Try changing your INSERT query into this:

$sql = "INSERT INTO `user`(`name`, `email`, `number`, `address`, `acc-no`, `balance`, `username`, `password`, `cot`, `access`) VALUES ('{$name}','{$email}','{$number}','{$address}','{$account}','{$balance}','{$username}','{$password}','{$cot}','{$access}')";
alimbaronia
  • 504
  • 2
  • 10