-2

I have created a mysql database instance in AWS free tier account. Which listens on port 3306. And I have one instance up and running with mysql Ver 14.14 Distrib 5.7.28, for Linux (x86_64) using EditLine wrapper, PHP 5.4.16 (cli), and version: Apache/2.4.39 () Server. I have a sign up page and a action_page.php to get the details from user and store it in DB.

Config file :

<?php
$connection = mysql_connect('DB-endpoint:3306', 'admin', 'pass');
if (!$connection) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($connection);
?>

Inserting data :

<?php
  include('config.php');            
    if (isset($_POST['submit'])) {
        $name = $_POST['uname'];
        $pass = $_POST['psw'];
        $bool = true;
        if ($bool) {
                     mysqli_query($connection, "insert into login_detail(name,pass) values ('$name','$pass')");

        Print '<script>alert("Successfully Added!");</script>';
        Print '<script>window.location.assign("");</script>';
                   }
      }

?>

After entering the signup details the data's are not storing on my DB

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Vignesh Srirangan
  • 1
  • 1
  • Your code is vulnerable to SQL injection. You should use prepared statements. – Dharman Oct 14 '19 at 11:09
  • Please, do not store plaintext passwords in the database. You should only store secure hashes made by `password_hash()` – Dharman Oct 14 '19 at 11:11
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Oct 14 '19 at 11:56
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Oct 14 '19 at 11:56
  • Thanks for giving me the fair ideas :) – Vignesh Srirangan Oct 16 '19 at 11:43

1 Answers1

0

Because you are closing database without insert.

remove this line from config file

mysql_close($connection);

and add this mysql_close($connection); after this code

if (isset($_POST['submit'])) {
        $name = $_POST['uname'];
        $pass = $_POST['psw'];
        $bool = true;
        if ($bool) {
                     mysql_query("insert into login_detail(name,pass) values ('$name','$pass')");

        Print '<script>alert("Successfully Added!");</script>';
        Print '<script>window.location.assign("");</script>';
                   }
      }

and you can't use mysql and mysqli together. They are separate APIs and the resources they create are incompatible with one another.

Nazim
  • 9
  • 3