-3

Hey, can you guys help me with this? I can't figure it out. Here are the errors.

[04-Nov-2018 15:21:52 UTC] PHP Warning:  mysqli_connect(): (HY000/1045): Access denied for user 'freeload_retain'@'vps28004.inmotionhosting.com' (using password: NO) in /home/freeloadboard/public_html/insert.php on line 7
[04-Nov-2018 15:21:52 UTC] PHP Warning:  mysqli_select_db() expects parameter 1 to be mysqli, boolean given in /home/freeloadboard/public_html/insert.php on line 21
[04-Nov-2018 15:21:52 UTC] PHP Warning:  mysqli_query() expects parameter 1 to be mysqli, boolean given in /home/freeloadboard/public_html/insert.php on line 45

Program:

<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

$con = mysqli_connect('##.##.###.##','freeload_retain','');

if(!$con)
{
    echo "Not Connected to Server. ";
}
if(!mysqli_select_db($con, 'freeload_retain'))
{
    echo "Database Not Selected. ";
}

$Companyname = $_POST['companyname'];
$Username = $_POST['username'];
$Password = $_POST['password'];
$Email = $_POST['email'];

$sql = "INSERT INTO clients (companyname, username, password, email) 
VALUES ('$Companyname', '$Username', '$Password', '$Email')";

if(!mysqli_query($con, $sql))
{
    echo "Not Inserted. ";
}
else
{
    echo "Inserted. ";
}
?>

Hope you guys find out the answer soon! Also, I'm reusing this question because I can't wait another day to make another question, but thanks for helping me out!

1 Answer

1

To answer your question: it's not working because you're wrapping the column names in brackets; remove these and it should work. You also have a typo: ($comapnyname = $_POST['companyname'];) should be $companyname.

However, there are a few other, bigger issues with your code. You're using the mysql functions, which are deprecated and completely removed from PHP 7.

Next to that, you should use prepared statements and bind_param to prevent SQL injections; escaping strings will not accomplish this.


This is what it would look like using prepared statements.

// ... Set your database connection variables

/*
 * Create the database connection, notice the
 * usage of mysqli instead of mysql
 */
$connect = new mysqli($host, $user, $password, $database);

/*
 * The query, notice the usage of a question mark
 * on the place of the variables to be inserted
 */
$sql = "INSERT INTO client (cname, tname, pname, ename) VALUES (?, ?, ?, ?)";

// Prepare the query using $connect->prepare()
$stmt = $connect->prepare($sql);

// Check if the query was prepared
if(!$stmt) {
  // ... Handle your error
}

// Get $_POST variables
$companyname = $_POST['companyname'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];

if(!$stmt->bind_param('ssss', $companyname, $username, $password, $email)) {
  // ... Handle your error
}

if(!$stmt->execute()) {
  // ... Handle your error
} else {
  echo 'Record inserted.';
}

It also seems that you're inserting the passwords into your database as clear text; this is a big issue. You should hash them. Write two functions, one to hash the password and one to verify it when users log in.

The first function will return the password hash and the second one will return TRUE or FALSE if the password is correct or incorrect.

function hashPassword($password) {
  return password_hash($password, PASSWORD_DEFAULT);
}

function verifyPassword($password, $hash) {
  return password_verify($password, $hash);
}
rpm192
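
The prepared statement and the password hashing from the answer, combined for the `clients` table in the question, as an added example that is not part of the original question or answer. It also makes a failed connection stop the script, which is what the later "boolean given" warnings in the log result from, and reads credentials from the environment instead of passing an empty password string (the log's "using password: NO"). The environment variable names and the helpers `requiredField` and `insertClient` are assumptions made for this example.

```php
<?php
// Added example. Assumed: DB_HOST, DB_USER, DB_PASS, DB_NAME are environment
// variables you define; table and column names come from the question's INSERT.

// Throw mysqli_sql_exception on failure instead of returning false, so a failed
// connect cannot fall through to later calls ("expects parameter 1 to be mysqli").
// This is already the default report mode from PHP 8.1 on.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: return a non-empty string field or reject the request.
function requiredField(array $post, string $key): string
{
    if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
        throw new InvalidArgumentException("Missing field: $key");
    }
    return $post[$key];
}

// Hypothetical helper: insert one client row with a hashed password.
function insertClient(mysqli $db, array $post): void
{
    $company  = requiredField($post, 'companyname');
    $username = requiredField($post, 'username');
    $email    = requiredField($post, 'email');
    // Store the hash, never the submitted password. The password column should
    // be VARCHAR(255) so it can hold future PASSWORD_DEFAULT algorithms.
    $hash = password_hash(requiredField($post, 'password'), PASSWORD_DEFAULT);

    $stmt = $db->prepare(
        'INSERT INTO clients (companyname, username, password, email) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $company, $username, $hash, $email);
    $stmt->execute();
    $stmt->close();
}

try {
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $db->set_charset('utf8mb4');
    insertClient($db, $_POST);
    echo 'Inserted.';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid input.';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not the browser
    http_response_code(500);
    echo 'Not inserted.';
}
```

At login, fetch the stored hash for the username with another prepared statement and compare it with `password_verify()`.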