0

I'm making a relatively easy login and register form to practice my web skills and I'm having issues with the PHP/SQL portion of the site I have a very simple form with email password username and full name options but whenever I fill in the form and click submit the query will be send with the posted data but it will not be added to the database.

What does work if for example i have my if(isset($POST["submitbutton"]))

and I put an ! in front of the isset the data WILL be sent into the database with no errors so this led me to believe something is wrong with my POST or submit button

P.S: i have also tried using print_r and var_dump. Both gave me results such as this if i put var_dump BEFORE the if(isset) i get this, array(4) { ["reg_username"]=> string(3) "www" ["reg_password"]=> string(3) "waw" ["reg_email"]=> string(16) "test@hotmail.com" ["reg_fullname"]=> string(3) "hhh" }

If I put it after the POST nothing will be shown anymore

This is my database connection file 

<?php   
$host ="localhost";
$user = "root";
$password ="";
$dbname="registerlogin";

$conn =  mysqli_connect($host,$user,$password,$dbname) or die ($conn -> error);

$sql = "SELECT * FROM `users`";

$sqlQuery = mysqli_query($conn,$sql);

$query = array();

while($row = mysqli_fetch_assoc($sqlQuery)){
    $query = $row;
}
?>

this is the register PHP file 

<?php
include_once("db.php");

if(isset($_POST["registerbutton"])){
$username = mysqli_real_escape_string($conn,$_POST["reg_username"]);
$hasedpassword = password_hash($_POST["reg_password"],PASSWORD_BCRYPT);
$email = mysqli_real_escape_string($conn,$_POST["reg_email"]);
$fullname = mysqli_real_escape_string($conn,$_POST["reg_fullname"]);

$sqlInsert = "INSERT INTO `users` (`User-id`,`Username`,`Password`,`Email`,`Fullname`) VALUES (NULL,'$username','$hasedpassword','$email','$fullname')";

if(!$conn){
    die("Error: ".mysql_error());
}

if (count($_POST) > 0){
    mysqli_query($conn,$sqlInsert) or die($conn-> error);
    $message = "Successfully registerd";
} else{
    $message = "Something went wrong";
 }
}

And the HTML file 

<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"  id="register-form" class="text-left">
            <div class="login-form-main-message"></div>
            <div class="main-login-form">
                <div class="login-group">
                    <div class="form-group">
                        <label for="reg_username" class="sr-only">Email address</label>
                        <input type="text" class="form-control" id="reg_username" name="reg_username" placeholder="username">
                    </div>
                    <div class="form-group">
                        <label for="reg_password" class="sr-only">Password</label>
                        <input type="password" class="form-control" id="reg_password" name="reg_password" placeholder="password">
                    </div>
                    <div class="form-group">
                        <label for="reg_email" class="sr-only">Email</label>
                        <input type="text" class="form-control" id="reg_email" name="reg_email" placeholder="email">
                    </div>
                    <div class="form-group">
                        <label for="reg_fullname" class="sr-only">Full Name</label>
                        <input type="text" class="form-control" id="reg_fullname" name="reg_fullname" placeholder="full name">
                    </div>

                </div>
                <button type="submit" value="Submit form" name="registerbutton"><i class="fa fa-chevron-right"></i></button>
            </div>
            <div class="etc-login-form">
                <p>already have an account? <a href="#">login here</a></p>
            </div>
        </form>
niels van hoof
  • 469
  • 4
  • 19
  • 2
    `isset($_POST["registerbutton"])` would appear to fail because you have no input / button with that name. So chances are, your insert isn't running at all. – Jonnix Aug 28 '19 at 11:01
  • *"My sql insert query works with no errors but does not insert anything into database"* i advice you to read [Showing all errors and warnings](https://stackoverflow.com/questions/5438060/showing-all-errors-and-warnings) as i dont see this in the code i assume PHP does not show them on your server.. – Raymond Nijland Aug 28 '19 at 11:02
  • Just like @Jonnix said. You have to add to your ` – ciekals11 Aug 28 '19 at 11:05
  • Also start learning using try-catch blocks - very simple to implement and saves time catching errors – almaruf Aug 28 '19 at 11:05
  • Hey, thanks for all your suggestions the class was a stupid oversight i have changed it to name = "registerbutton" now but still nothing is posted to the database, also whenever i var dump my $POST my password is never encrypted i suppose this is not normal ? – niels van hoof Aug 28 '19 at 11:22
  • 1
    You should use a prepared statement, and drop those escapes. – Qirel Aug 28 '19 at 11:36
  • @nielsvanhoof The password will not be hashed in `$_POST`. You hash it after. So yes, that is as expected. – Qirel Aug 28 '19 at 11:36
  • It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Aug 28 '19 at 16:57

2 Answers2

0

There is a small bug in your code. You are expecting isset($_POST["registerbutton"], and that should be the name of the button. In your code, though, I read:

<button type="submit" value="Submit form" class="registerbutton">

So just change:

class="registerbutton"

to

name="registerbutton"

And that should do.

Qirel
  • 25,449
  • 7
  • 45
  • 62
Quasistar
  • 23
  • 5
0

change class to name in the following Html code:

<button type="submit" value="Submit form" class="registerbutton">

it should be

<button type="submit" value="Submit form" name="registerbutton">
Vintage Coders
  • 162
  • 1
  • 4