I don't know why I can't connect to my database

Question

I started learning PHP and MySQL. I have seen some instructions and tried to follow, but I just can't get my head around the issue. Here are my codes.

<?php include('connect.php');?>
<html>
<head>
<title>PHP Project</title>
<link rel="stylesheet" href="style.css">
</head>

<body>
    <form method="post" action="connect.php">

    <h1>LOGIN</h1>
    <?php include('errors.php');?>

    <label for="uname">Username</label><br>
    <input type="text" id="username" placeholder="username" name="username"><br>

    <label for="email">Email</label><br>
    <input type="text" id="email" placeholder="example@mailextension.com" name="email"><br>

    <label for="password">Password</label><br>
    <input type="password" id="pswd" name="password"><br>

    <input type="button" id="btn" value="Login" name="Login">

    </form>
</body>
</html>

My supposed PHP connection to database and commands...

<?php

    $username = "";
    $email = "";..
    $password = "";
    $errors = array();

    // Connect to database
    $db = mysqli_connect("localhost", "root", "", "registration");

    // If the Login button is clicked

    if(isset($_POST["Login"])){
        $username = mysql_real_escape_string($_POST["username"]);
        $email = mysql_real_escape_string($_POST["email"]);
        $password = mysql_real_escape_string($_POST["password"]);

        // Ensure that all fields are filled properly
        if (empty($username)){
            array_push($errors, "Username must be filled");
        }
        if (empty($email)){
            array_push($errors, "Email must be filled");
        }
        if (empty($password)){
            array_push($errors, "Password is required");
        }

        if (count($errors) == 0){
            $password = md5($password);
            $sql = "INSERT INTO users (Username, Email, password) VALUES ('$username', '$email', '$password')";
            mysqli_query($db, $sql);
        }
    }

?>

My errors function...

    <?php if (count($errors) > 0): ?>

    <div class="errors">
            <?php foreach ($errors as $error): ?>
                <p><?php echo $error; ?></p>
                <?php endforeach ?>
    </div>
<?php endif ?>

So please can someone help me go through these and ell me what's wrong, nothing happens when I click the login button, I don't see any user details in my database...

Also turn on error reporting: https://stackoverflow.com/a/21429652/296555 — waterloomatt, Mar 16 '20 at 12:25
Oh thanks very much. That made the login form go somewhere atleast, for the first time. — Kelly, Mar 16 '20 at 12:30
I'm sorry if I didn't edit the question well... I just wasn't sure how best to ask. But I hope it's more understandable if I say, I literally can't get to my database, that's he main issue now... Even after changing the button "type", it still brings up an error about the mysql_real_escape_string.... I just need someone to help get around any issue I may not know of... thanks. Kelly — Kelly, Mar 16 '20 at 12:36
`Warning - This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used.` — waterloomatt, Mar 16 '20 at 12:37
`... it still brings up an error about the mysql_real_escape_string...` PHP is trying very hard to tell you something. Please read my answer with an emphasis on prepared statements. This will solve your issue. You do not need to escape anything if you use prepared statements. — waterloomatt, Mar 16 '20 at 12:38
***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Mar 16 '20 at 12:49
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Mar 16 '20 at 12:50
***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Mar 16 '20 at 12:51

score -1 · Answer 1 · answered Mar 16 '20 at 12:29

-1

Change <input type="button" id="btn" value="Login" name="Login"> to <input type="submit" id="btn" value="Login" name="Login">.

Also turn on error reporting in your PHP script.

Finally, look into prepared statements. They are crucial to any web developer and help to prevent SQL injection attacks. They are surprisingly easy to use and make your code more readable.

answered Mar 16 '20 at 12:29

waterloomatt

3,662
1
19
25

Oh thanks Waterloomatt... I will check the prepared statements up. I will get back to you please. Thanks. – Kelly Mar 16 '20 at 12:40
If you DV, please leave a reason why. Thx. – waterloomatt Mar 16 '20 at 13:24
Thanks very much for all these answers everyone. I appreciate it. I haven't really got around all these yet. They are somewhat new to me...I'm still learning them. But I surely will get back you when I'm done. Thank you very much. – Kelly Mar 16 '20 at 16:17

I don't know why I can't connect to my database

1 Answers1