Inserting user to database with a formular doesn`t work

Question

I want to check, if the User, I add to the database, is already existing and if something was typed in the formular. When the checks are correkt the data I typed in the formular should be added to my database, but it doesn`t. It has to do something with the while statement, because when I delete these lines it works but it adds an user everytime i refresh the page.

    <?php

                    $host = 'localhost';
                    $user = 'root';
                    $password = 'FIoLTAZo1pEar83N';
                    $dbname = 'studenten';

                    $dsn = 'mysql:host='. $host .';dbname='. $dbname;
                    $pdo = new PDO($dsn, $user, $password);
                    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
                    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

                    if(isset($_POST["u_name"]) && (null !== $_POST["u_name"])){
                        if ($_SERVER["REQUEST_METHOD"] == "POST") {
                            $user_name = $_POST["u_name"];
                            $first_name = $_POST["vorname"];
                            $last_name = $_POST["nachname"];
                            $user_password = $_POST["passwort"];
                        }
                    }

                    if(isset($_POST["u_name"]) && (null !== $_POST["u_name"])){
                        $suchen = $_POST['u_name'];
                        $sql = 'SELECT * FROM studenten WHERE user_name LIKE ?';
                        $stmt = $pdo->prepare($sql);
                        $stmt->execute([$suchen]);
                        while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
                            if($row['user_name'] == null){
                                $sql = 'INSERT INTO studenten(user_name, first_name, last_name, user_password) VALUES(:user_name, :first_name, :last_name, :user_password)';
                                $stmt = $pdo->prepare($sql);
                                $stmt->execute(['user_name' => $user_name, 'first_name' => $first_name, 'last_name' => $last_name, 'user_password' => $user_password]);
                                unset($_POST["u_name"]);
                        }}}                            
                ?>

    <form id='formular_eins' method="post" action="admin.php">
                        <p class="eigenschaften">User Name:</p>
                        <input type='text' name='u_name' placeholder='User Name' required maxlength="7" minlength="7">
                        <br><br>
                        <p class="eigenschaften">Vorname:</p>
                        <input type='text' name='vorname' placeholder='Vorname' required>
                        <br><br>
                        <p class="eigenschaften">Nachname:<p>
                        <input type='text' name='nachname' placeholder='Nachname' required>
                        <br><br>
                        <p class="eigenschaften">Passwort:</p>
                        <input type='text' name='passwort' placeholder='Passwort' maxlength="15" minlength="6" required>
                        <br><br><br>
                        <button type='submit' name="btn" class="btn_speichern" onclick="leeren()">Speichern</button>
                    </form>

**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, Nov 10 '19 at 11:15

score -1 · Answer 1 · answered Nov 10 '19 at 12:17

First of all you can use ?? operator, it will make your code better:

$host = 'localhost';
$user = 'root';
$password = 'FIoLTAZo1pEar83N';
$dbname = 'studenten';

$dsn = 'mysql:host='. $host .';dbname='. $dbname;
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$user_name = $_POST["u_name"] ?? $_POST["u_name"];
$first_name = $_POST["vorname"] ?? $_POST["vorname"];
$last_name = $_POST["nachname"] ?? $_POST["nachname"];
$user_password = $_POST["passwort"] ?? $_POST["passwort"];

if($user_name){
  $suchen = $user_name;
  $sql = 'SELECT * FROM studenten WHERE user_name LIKE ?';
  $stmt = $pdo->prepare($sql);
  $stmt->execute([$suchen]);
  while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
      if(!$row){
          $sql = 'INSERT INTO studenten(user_name, first_name, last_name, user_password) VALUES(:user_name, :first_name, :last_name, :user_password)';
          $stmt = $pdo->prepare($sql);
          $stmt->execute(['user_name' => $user_name, 'first_name' => $first_name, 'last_name' => $last_name, 'user_password' => $user_password]);
          unset($_POST["u_name"]);
        }
    }
}

I don't think, that you need use fetch method, use fetchAll https://www.php.net/manual/en/pdostatement.fetchall.php After that, use print_r to check what will return $row = $stmt->fetchAll() and check what will return $stmt->execute statment after INSERT command. And you use sometimes password sometimes passwort(maybe this is mistake)

Thanks, i tried everything you said, but i couldn`t figgure out what the problem is. — Kai, Nov 10 '19 at 13:38
Ok. Try to set displaying errors ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); — Minatula Shakhbazov, Nov 10 '19 at 13:50
After that, send what will return print_r with row = $stmt->fetchAll() and $stmt->execute . It will help to understand what happens — Minatula Shakhbazov, Nov 10 '19 at 13:53

Inserting user to database with a formular doesn`t work

1 Answers1