-1

I'm trying to insert data into my MariaDB database. The code is the following:

```php
<?php

require 'conexion.php';
    $name = $_POST['name'];
    $apellidos = $_POST['apellido'];
    $email = $_POST['email'];
    $pwd = $_POST['pwd'];
    $rnd = rand(100000, 999999);

    $sql = "INSERT INTO usuarios (nombre,apellido,correo,id_usuario,contraseña,random,fecha,qr) VALUES ('$name', '$apellidos', '$email','$rnd','$pwd','$rnd',NOW(), 'https://stackoverflow.com');";
    mysql_select_db('usuario1');

    $retval = mysql_query($sql, $con);
        echo'it's ok';
    if (!$retval) {
        die('Could not enter data: '.mysql_error());
    }

    echo "Entered data successfully\n";
    mysql_close($conn);

?>
```

The rnd is just for a test. The connection is successful; I have tested it. When I do the insert, the page is blank. It doesn't show me an error message.

  • 2
    FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Feb 20 '19 at 20:26
  • 1
    Please read about **[SQL injection](https://en.wikipedia.org/wiki/SQL_injection)**. Instead of building queries with string concatenation, use **[prepared statements](https://secure.php.net/manual/en/pdo.prepare.php)** with **[bound parameters](https://secure.php.net/manual/en/pdostatement.bindparam.php)**. See **[this page](https://phptherightway.com/#databases)** and **[this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)** for some good examples. – John Conde Feb 20 '19 at 20:26
  • You have obvious syntax errors. Turn on error reporting to see them. – John Conde Feb 20 '19 at 20:26
  • **Never store plain text passwords!** Please use **[PHP's built-in functions](//php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)** (and you should consider upgrading to a supported version of PHP). Make sure you **[don't escape passwords](//stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde Feb 20 '19 at 20:27
  • php.ini set display_errors = on – Peter Szalay Feb 20 '19 at 21:31

1 Answer

2

You're doing pretty lightweight stuff, use existing tools for this instead of manually re-inventing the wheel.

Take a look at Medoo (https://medoo.in), it's a lightweight database framework.

Install it with Composer (see docs) and do something like this:

```php
<?php

require 'vendor/autoload.php';
use Medoo\Medoo;

$database = new Medoo([
    'database_type' => 'mysql',
    'database_name' => 'name',
    'server' => 'localhost',
    'username' => 'your_username',
    'password' => 'your_password'
]);

$database->insert("usuarios", [
    "nombre" => $name,
    ...
]);
```

Don't forget to change how you store passwords, like John Conde mentioned.

I've been using Medoo whenever I'm in need of small scripts that do light database work, and it works perfectly for use cases like the one you're describing.

Nico
  • 559
  • 4
  • 22
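
The points raised in the comments above (prepared statements with bound parameters, `password_hash()`, visible errors), shown together as an added example that is not part of the original posts. Assumptions: an in-memory SQLite database through PDO stands in for MariaDB so the script runs offline, the `usuarios` table is a constructed, reduced version, and `registerUser()` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Show runtime errors during development; parse errors in this same file
// still need display_errors enabled in php.ini.
ini_set('display_errors', '1');
error_reporting(E_ALL);

// Assumption: in-memory SQLite stands in for MariaDB so this runs offline.
// Against MariaDB the DSN would look like 'mysql:host=localhost;dbname=usuario1'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed, reduced version of the usuarios table (column names simplified).
$pdo->exec('CREATE TABLE usuarios (
    id_usuario INTEGER PRIMARY KEY, nombre TEXT, apellido TEXT,
    correo TEXT UNIQUE, contrasena TEXT, fecha TEXT)');

// Hypothetical helper: validates input, hashes the password, inserts via bound parameters.
function registerUser(PDO $pdo, array $input): int
{
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false || ($input['pwd'] ?? '') === '') {
        throw new InvalidArgumentException('email and pwd are required');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO usuarios (nombre, apellido, correo, contrasena, fecha)
         VALUES (:nombre, :apellido, :correo, :hash, CURRENT_TIMESTAMP)'
    );
    $stmt->execute([
        ':nombre'   => $input['name'] ?? '',
        ':apellido' => $input['apellido'] ?? '',
        ':correo'   => $email,
        // The raw password goes straight into password_hash(), unescaped.
        ':hash'     => password_hash($input['pwd'], PASSWORD_DEFAULT),
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample standing in for $_POST; the apostrophe is stored as plain data.
$post = ['name' => 'Ana', 'apellido' => "D'Angelo",
         'email' => 'ana@example.com', 'pwd' => 'correct horse battery'];
$id = registerUser($pdo, $post);

$check = $pdo->prepare('SELECT apellido, contrasena FROM usuarios WHERE id_usuario = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
echo $row['apellido'], "\n";
echo password_verify($post['pwd'], $row['contrasena']) ? "hash verifies\n" : "hash mismatch\n";
```

With `PDO::ERRMODE_EXCEPTION` set, a failed statement throws instead of returning `false` silently, so a broken insert surfaces as an exception rather than a blank page.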