I am having a problem with the following code:

<?php
  if (isset($_POST["newuser"])) {

      include('Connections/conn.php');
      $name = mysqli_real_escape_string($conn, $_POST["name"]);
      $username = mysqli_real_escape_string($conn, $_POST["username"]);
      $age = mysqli_real_escape_string($conn, $_POST["age"]);
      $email = mysqli_real_escape_string($conn, $_POST["email"]);
      $password = mysqli_real_escape_string($conn, $_POST["password"]);

      $uid = uniqid();
      $registration = "INSERT INTO KG_user(id,name,username,email,age,password,type,points,groupID,emailstatus,forumstatus) VALUES ('NULL','$name','$username','$email','$age','$password',1,0,0,1,1)";
      $registration2 = "INSERT INTO KG_notifications(id,icon,message,user,link) VALUES (NULL,'far fa-smile', 'Welcome to Kinder Generation, we have amazing articles to get you started!','$username','!')";
      $registrationresult = mysqli_query($conn, $registration) or die(mysqli_error($conn));
      $registrationresult2 = mysqli_query($conn, $registration2) or die(mysqli_error($conn));

      $username = $_SESSION["3047_2019_id"];
      header("location: secure/hub.php");
      exit;


      $to = "$email";
      $subject = "Thank you for registering to Kinder Generation!";

      $message = "
<html>
<head>
<title>HTML email</title>
</head>
<body>
<p>This email contains HTML Tags!</p>
<table>
<tr>
<th>Firstname</th>
<th>Lastname</th>
</tr>
<tr>
<td>John</td>
<td>Doe</td>
</tr>
</table>
</body>
</html>
";

      // Always set content-type when sending HTML email
      $headers = "MIME-Version: 1.0" . "\r\n";
      $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";

      // More headers
      $headers .= 'From: <info@kindergeneration.com>' . "\r\n";


      mail($to, $subject, $message, $headers);


  }
  ?>

I'm not sure what's going wrong, I have set the form to method="POST" and action = "" and have also named the form id ="newuser" and set the submit button id as "newuser".

Any help would be amazing!

Here is the updated form. I'm still not sure what's going on here. I've done this many times; I reckon it's just a silly mistake.

<form  method="POST" action="" name="newuser" id="newuser" class="px-5">
                <h1 class="">Register now!</h1>
                  <div id="error">
                  </div>

                  <div class="form-group row"> <label for="name" class="col-form-label col-4">Name</label>
                  <div class="col-10">
                    <input type="text" name ="name" class="form-control" id="name" placeholder="Name" required="required"> </div>
                </div>
                <div class="form-group row"> <label for="username" class="col-form-label col-4">Username</label>
                  <div class="col-10">
                    <input type="text" name ="username" class="form-control" id="username" placeholder="Username" required="required"> </div>
                </div>
                <div class="form-group row"> <label for="age" class="col-form-label col-4">Age</label>
                  <div class="col-10">
                    <input type="number"  name ="age" class="form-control" id="age" placeholder="Age" required="required"> </div>
                </div>
                <div class="form-group row"> <label for="email" class="col-form-label col-4">E-mail</label>
                  <div class="col-10">
                    <input type="email" class="form-control" id="email" placeholder="E-mail" required="required"> </div>
                </div>
                <div class="form-group row"> <label for="email" class="col-form-label col-4">E-mail</label>
                  <div class="col-10">
                    <input type="email" name ="cemail" class="form-control" id="cemail" placeholder="Enter again..." required="required"> </div>
                </div>
                <div class="form-group row"> <label for="password" class="col-form-label col-4">Password</label>
                  <div class="col-10">
                    <input type="password" class="form-control" id="password" placeholder="Password" required="required"> </div>
                </div>
                <div class="form-group row"> <label for="password" class="col-form-label col-4">Password</label>
                  <div class="col-10">
                    <input type="password" name ="cpassword" class="form-control" id="cpassword" placeholder="Password" required="required"> </div>
                </div>
                  <div id="usersave">
                  </div>
                  <div id="usersavet">
                  </div>
                <button type="submit" id="usersubmit" class="btn btn-primary btn-block btn-lg">Submit</button>
              </form>
tk421
Sean Kane
  • getting error? please share – devpro Feb 20 '19 at 15:51
  • Hi, there's no error, it just won't add to the database or redirect – Sean Kane Feb 20 '19 at 15:52
  • 1) `print_r($_POST)` check what r u getting 2) your code is open for SQL injection, use PDO. 3) if `id` is primary key of the table, then no need to use in query, it's AUTO increment. 4) where is `
    ` 5) "$email" no need to use quotes here. 6) email will not send due to redirection. 7) `session_start()` is missing 8) plain password is another problem
    – devpro Feb 20 '19 at 15:53
  • Please update your question and include the code that has your form. – Dave Feb 20 '19 at 15:55
  • @devpro thank you, this is just for a small project that isn't to be deployed, it's purely for functionality and so that's why I am using mysqli. I hadn't noticed that I had 'id' in there. I am just trying to get the form to submit then add in all the security extras such as password encryption etc. I am going to add the form to the code now as it still won't submit. – Sean Kane Feb 20 '19 at 16:08
  • plz add form in your question – devpro Feb 20 '19 at 16:09
  • That's it added now guys – Sean Kane Feb 20 '19 at 16:14
  • The submit button is not named `newuser` – Adder Feb 20 '19 at 16:17
  • @Adder wow! Maybe it's time to take a break :') thank you ahaha – Sean Kane Feb 20 '19 at 16:19
  • `if (isset($_POST["newuser"])) {` should be `if(count($_POST) > 0)` – devpro Feb 20 '19 at 16:19
  • he should be using `if(isset($_POST[submit]))` and change his submit button from ` – Kebab Programmer Feb 20 '19 at 16:57
  • yes he can, he can also use a name attribute on button and third solution is to check count($_POST) @KebabProgrammer – devpro Feb 21 '19 at 06:52
  • accepting the correct answer will help future visitors – devpro Feb 21 '19 at 13:21

1 Answer

After the <form> code was posted, here is the issue:

$_POST["newuser"] is not an input field; it is the form name you are using. So you can add it as a <button> name or change this line:

if (isset($_POST["newuser"])) {

to:

if(count($_POST) > 0){

Side Note: your code is wide open to SQL injection. You can use PDO here to prevent SQL injection; also check my comment for a few tips.

Some References:

How can I prevent SQL injection in PHP?

Are PDO prepared statements sufficient to prevent SQL injection?

devpro
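
The PDO prepared-statement approach the answer recommends, applied to the question's KG_user INSERT, as an added example (not code from the question or the answer). It assumes the submit button carries name="newuser" and every input has a name attribute; the function name register_user, the in-memory SQLite table and the sample $post array are constructed so it runs without the real database.

```php
<?php
// Added example: registration handler using PDO prepared statements.
// Table and column names come from the question; register_user(), the
// SQLite schema and the sample $post array are constructed for this demo.

function register_user(PDO $pdo, array $post): int
{
    // Only fields with a name="..." attribute are posted; ids alone are not.
    foreach (['newuser', 'name', 'username', 'age', 'email', 'password'] as $key) {
        if (!isset($post[$key]) || $post[$key] === '') {
            throw new InvalidArgumentException("missing field: $key");
        }
    }
    $email = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    $age   = filter_var($post['age'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($email === false || $age === false) {
        throw new InvalidArgumentException('invalid email or age');
    }

    // Placeholders keep user data out of the SQL text; id is omitted so the
    // database assigns it. Only a password hash is stored, never the password.
    $stmt = $pdo->prepare(
        'INSERT INTO KG_user (name, username, email, age, password, type, points, groupID, emailstatus, forumstatus)
         VALUES (:name, :username, :email, :age, :hash, 1, 0, 0, 1, 1)'
    );
    $stmt->execute([
        ':name'     => $post['name'],
        ':username' => $post['username'],
        ':email'    => $email,
        ':age'      => $age,
        ':hash'     => password_hash($post['password'], PASSWORD_DEFAULT),
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE KG_user (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, username TEXT UNIQUE,
    email TEXT, age INTEGER, password TEXT, type INT, points INT, groupID INT, emailstatus INT, forumstatus INT)');

$post = ['newuser' => '1', 'name' => "Ann O'Neil", 'username' => 'ann', 'age' => '30',
         'email' => 'ann@example.com', 'password' => 'correct horse battery staple'];
$id = register_user($pdo, $post);
$q  = $pdo->prepare('SELECT name, password FROM KG_user WHERE id = ?');
$q->execute([$id]);
$row = $q->fetch(PDO::FETCH_ASSOC);
echo $row['name'], ' stored; password verifies: ',
     var_export(password_verify($post['password'], $row['password']), true), "\n";
```

At login, compare the submitted password with `password_verify()` against the stored hash rather than comparing strings.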