sending data from a form to a mysql database

Question

My data input to a registration form is not being added to my database. The code is below.

The first set of php is within the html file with the html form. The last php code I have included is registrationUpload.php.

<?php 

include ('registrationUpload.php');
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];

if (!$_POST['submit']) {
    echo "all fields are required";
}
else {
    $sql = "INSERT into accounts (username, password, email, firstname, lastname)
        values ('$username','$password','$email','$firstName','$lastName')";

    if (mysqli_query($conn, $sql) {
        echo "data creation successful";
    }
    else {
        echo "something went wrong";
    }
}

?>


<form action = "registrationUpload.php" method = "POST">
<p>Username</p>
<input type = "text" name = "username" placeholder = "Enter Username">
<p>Password</p>
<input type = "password" name = "password" placeholder = "Enter Password">
<p>Email</p>
<input type = "email" name = "email" placeholder = "Enter Email Address">
<p>First name</p>
<input type = "firstName" name = "firstName" placeholder = "Enter your first name">
<p>Last name</p>
<input type = "lastName" name = "lastName" placeholder = "Enter your last name">
<input type = "submit" name = "submit" value = "Login"><br>

registrationUpload.php

$dbhost = "localhost";
$dbuser = "root";
$dbpass = "5091632u";
$db = "registrations_db";

$conn = new mysqli ($dbhost, $dbuser, $dbpass, $db);

if($conn->connect_error){
    echo "connection failed";
}
else {
    "connection was successful";
}

Hi Sean. 1. The question is not about phpmyadmin or xampp, these are just the tools you might be using. 2. We need to know your DB schema to be able to help you here. 3. You really should look into Prepared statements either using mysqli or PDO. Your code is not protected against SQL injection. 4. Don't share your credentials to a DB online. — Dharman, Dec 15 '18 at 19:17
What errors are you getting? If you don't already have error reporting turned on use `ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` — Dave, Dec 15 '18 at 19:18
Your action is `registrationUpload.php`, so you just connect to the database and do nothing else. It should be the script of your first code example. — ivion, Dec 15 '18 at 19:22
oh god man i'm not getting any errors and please stop speaking if sql injection that isn't what my question is about. my error is that when i fill out the registration form the information is not being sent to my database as it should be. i will deal with the injection when i get this to work. no answaer has olved my issue although i appreciate the attempts to help, i just need to be able to look at my database and see that the email, username, firstname etc has been added when i fill out the registration form — Sean Kelly, Dec 16 '18 at 02:59

score 0 · Answer 1 · answered Dec 15 '18 at 19:26

Your problem is a typo, a missing ):

if (mysqli_query($conn, $sql) {

should be:

if (mysqli_query($conn, $sql)) {

You could have caught this using an IDE or decent text editor or by checking your logs.

Also, you need to be checking errors with mysqli_error() and mysqli_errno().

Finally, you are wide open to SQL injection. You need to use prepared statements, rather than concatenating variables into your query. Simply escaping your variables is not enough. See How can I prevent SQL injection in PHP?.

sending data from a form to a mysql database

1 Answers1