I can't get my php data base to work correctly

Question

So I'm trying to link my html to my php database but whenever I open up my browser to 'localhost/cs/staff/sign_up.php'only the message 'Firstname should not be empty' comes up. How do I fix this?

----My 'sign_up.html' code----

    <body>

    <form method="post" action="../sign_up.php" style="border:1px solid #ccc">
      <div class="container">
        <h1>Sign Up</h1>
        <p>Please fill in this form to create an account.</p>
        <hr>
        <label for="Firstname"><b>Firstname</b></label>
        <input type="text" placeholder="Enter Firstname" name="firstname" required>

        <label for="Lastname"><b>Email</b></label>
        <input type="text" placeholder="Enter Lastname" name="lastname" required>

        <label for="email"><b>Email</b></label>
        <input type="text" placeholder="Enter Email" name="email" required>

        <label for="psw"><b>Password</b></label>
        <input type="password" placeholder="Enter Password" name="psw" required>

        <label for="psw-repeat"><b>Repeat Password</b></label>
        <input type="password" placeholder="Repeat Password" name="psw-repeat" required>

        <label>
          <input type="checkbox" checked="checked" name="remember" style="margin-bottom:15px"> Remember me
        </label>

        <p>By creating an account you agree to our <a href="#" style="color:dodgerblue">Terms & Privacy</a>.</p>

        <div class="clearfix">
          <button type="button" class="cancelbtn">Cancel</button>
          <button type="submit" class="signupbtn">Sign Up</button>
        </div>
      </div>
    </form>

    </body>

---My 'sign_up.php' code---

    <?php
     $f_name = filter_input(INPUT_POST, 'firstname');
     $l_name = filter_input(INPUT_POST, 'lastname');
     $email = filter_input(INPUT_POST, 'email');
     $password = filter_input(INPUT_POST, 'psw');
      if (!empty($f_name)){
        if (!empty($l_name)){
          if (!empty($email)){
            if (!empty($password)){
              $DB_SERVER = "localhost";
              $DB_USERNAME = "root";
              $DB_PASSWORD = "";
              $DB_NAME = "project";
              // Create connection
              $conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
              if (mysqli_connect_error()){
              die('Connect Error ('. mysqli_connect_errno() .') '
              . mysqli_connect_error());
              }
              else{
              $sql = "INSERT INTO account (firstname, lastname, email, password)
              values ('$firstrname', '$lastname','$email', '$password')";
              if ($conn->query($sql)){
              echo "New record is inserted sucessfully";
              }
              else{
              echo "Error: ". $sql ."
              ". $conn->error;
              }
              $conn->close();
            }
          }
    else{
      echo "Password should not be empty";
          die();
    }
    }
    else{
      echo "Email should not be empty";
        die();
    }
    }
    else{
      echo "Lastname should not be empty";
      die();
     }
    }
     else{
       echo "Firstname should not be empty";
       die();
     }
     ?>

I'm still new at coding so sorry if the error is something really simple and noobish.

Please read about **[SQL injection](https://en.wikipedia.org/wiki/SQL_injection)**. Instead of building queries with string concatenation, use **[prepared statements](https://secure.php.net/manual/en/pdo.prepare.php)** with **[bound parameters](https://secure.php.net/manual/en/pdostatement.bindparam.php)**. See **[this page](https://phptherightway.com/#databases)** and **[this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)** for some good examples. — John Conde, Feb 27 '19 at 01:15
**Never store plain text passwords!** Please use **[PHP's built-in functions](//php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)** (and you should consider upgrading to a supported version of PHP). Make sure you **[don't escape passwords](//stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. — John Conde, Feb 27 '19 at 01:15
Did you verify that the variable contains a value? What does `var_dump($_POST);` show? This is pretty basic debugging. — John Conde, Feb 27 '19 at 01:16
This is a problem that likely wouldn't exist without the needlessly nested if/else forest. — mario, Feb 27 '19 at 01:18
Avoid the [arrow anti-pattern](http://wiki.c2.com/?ArrowAntiPattern) — John Conde, Feb 27 '19 at 01:21
Thanks for the replies but I don't really know how I'd write it in SQL. It's all very confusing to me, we haven't been taught this in class so I tried following a tutorial and ended up with the code above — O Sparks, Feb 27 '19 at 01:27
`…whenever I open up my browser to 'localhost/cs/staff/sign_up.php'` → Well, that would be a GET request. And naturally none of the POST values from your form will be present for that request. — mario, Feb 27 '19 at 01:28
See also: ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](//stackoverflow.com/q/4261133) — mario, Feb 27 '19 at 01:30
Add `name="add"` attribute to the submit button and check `if(isset($_POST['add']))`. As @mario explained, you are printing this message when the page is requested in other way than by your form. — Pinke Helga, Feb 27 '19 at 01:58

Vidal · Answer 1 · 2019-02-27T01:53:57.730

0

You are saving the $_POST values of the variable firstname on $f_name and lastname on $l_name

This is your code.

$f_name = filter_input(INPUT_POST, 'firstname');
$l_name = filter_input(INPUT_POST, 'lastname');

You have to update your sql, to match the variable names.

$sql = "INSERT INTO account (firstname, lastname, email, password)
              values ('$f_name', '$l_name','$email', '$password')";

edited Feb 27 '19 at 01:53

answered Feb 27 '19 at 01:24

Vidal

2,605
2
16
32

Thanks for the response, I just fixed that but I keep receiving the same error. – O Sparks Feb 27 '19 at 01:29
Typo corrections are comments but answers. There's even a flag to close typo based questions: *"This question was caused by a problem that can no longer be reproduced or a simple typographical error. While similar questions may be on-topic here, this one was resolved in a manner unlikely to help future readers. This can often be avoided by identifying and closely inspecting the shortest program necessary to reproduce the problem before posting."* – Pinke Helga Feb 27 '19 at 01:35

I can't get my php data base to work correctly

1 Answers1