Blank entry when inserting into mysql (database)

Question

i am trying to create a login and registration page using php and mysql but i met with some problem.

I reference to this video and the code is below (the code is incomplete, i only did for registration).

So the problem is that when i submit an entry using the register side, my database shows a blank record. I tried various method like

$reg = "INSERT INTO usertable (user,pwd) values ('".$user."','".$pwd."')";

but it did not work and when i did this:

$reg = "INSERT INTO usertable (user,pwd) values ('ABC','1234')";

it worked. What should i do to insert entry using the input text?

<?php
 session_start();
 $conn = mysqli_connect('localhost', 'root', '1234');
 mysqli_select_db($conn,'registeration');
 
 $user = $_POST["user"];
 $pwd = $_POST["pwd"];
 
 $s = "select * from usertable where user = '$user'";
 $result = mysqli_query($conn,$s);
 
 
 $num = mysqli_num_rows($result);
 
 if($num == 1){
  echo"Username Already Taken";  
 }
 else{
  $reg = "INSERT INTO usertable (user,pwd) values ('$user','$pwd')";
  mysqli_query($conn,$reg);
 }
?>

<h2> Register Here </h2>
<form action="index.html" method="post">
<label>Username</label>
<input type="text" name="user" required>
<label>Password</label>
<input type="text" name="pwd" required>
<br><button type="submit"> Login </button>
</form>

you should read up on securing passwords https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords — nbk, Oct 26 '19 at 02:39

TOM · Answer 1 · 2019-10-26T03:23:22.517

0

A easy way to know what's full SQL query string the program or you have made. $reg = "INSERT INTO usertable (user,pwd) values ('$user','$pwd')"; echo $reg
It is better use {} to instead of . to insert variable into a string. $reg = "INSERT INTO usertable (user,pwd) values ('{$user}','{$pwd}')";
To be sure the POST/GET action target is correct, For your current code I am not sue index.html can handle it, probably it should be $_SERVER["PHP_SELF"]
To understand PHP String Operators, please refer to https://www.php.net/manual/zh/language.operators.string.php

edited Oct 26 '19 at 03:23

answered Oct 26 '19 at 03:17

TOM

3
2

Thank you so much for the replies, i found my mistake and had amended it! By the way, its really is better to use {}! – Han Angeline Oct 26 '19 at 03:35

score 0 · Answer 2 · answered Oct 26 '19 at 03:34

I found my mistake. I wrote my php and the register table (together in registration.php) however, my form redirects me to index.html. I copied and pasted my php into my index.php (changed the name) and it worked.

Thanks for those who helped me!

<h2> Register Here </h2>
<form action="index.php" method="post">
<label>Username</label>
<input type="text" name="user" required>
<label>Password</label>
<input type="text" name="pwd" required>
<br><button type="submit"> Login </button>
</form>

Blank entry when inserting into mysql (database)

2 Answers2