0

I am Practicing a bit about MySQL Database connections through php. However, i am encountering a bit of a problem. Because of Inserting the Actual Username and Password that the user inputted into the MySQL Database itself, only blank rows, or a row containing empty (ps. Its not NULL, just empty) data is being inserted in it. The following below is how I created the actual forms that the user has to input to.

<?php
session_start();
include("testconnect.php");
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login Page</title>
</head>
<body>
<style>
    #signup-box{
        margin:auto;
        width: 300px;
        padding: 30px;
        background-color: grey;
    }

</style>
    <div id="signup-box">
        <form method="POST">
            <input style="width:100%" type="text" name="Username"><br><br>
            <input style="width:100%" type="password" name="Password"><br><br>
            <input type="button" value="Submit">
        </form>
    </div>

    
</body>
</html>

And this is how i declared my php mysql connections.

<?php

        $conn=mysqli_connect('localhost','root','','practice') or die ("unable to connect to database");
        $username1=mysqli_real_escape_string($conn,$_POST['Username']);
        $password1=mysqli_real_escape_string($conn,$_POST['Password']);
        
        
        $query="insert into usertable values('$username1','$password1')";
        mysqli_query($conn,$query);

I am hoping that someone here can help me with this slightly small problem of mine.

Ps. Already looked for solutions everywhere but none of the solutions offered seems to solve the problem. Ps. Already checked the db connection but there seems to be no problem at all

joluns11
  • 13
  • 2
  • @Samir yes. There's only two columns. – joluns11 Jun 23 '21 at 12:36
  • 2
    This isn't how we escape user input. See about sql injection and the importance of prepared and bound queries – Strawberry Jun 23 '21 at 12:37
  • 2
    Normally I'd recommend using [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php), but in this case, it would be helpful to echo out your `$query`. Make sure that looks correct. If it does, then try copying into your database to see if it works. If it does not look correct, then you'll need to troubleshoot your `$_POST` and variables. – aynber Jun 23 '21 at 12:47
  • 2
    Also add a check to make sure that the post data actually exists before trying to insert it. Since you're POSTing to the same page that has the form, it will attempt to insert the data every time you just view the page. – aynber Jun 23 '21 at 12:49
  • 1
    **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jun 23 '21 at 13:04

1 Answers1

0

If we suppose your Php code to insert into database is testconnect.php, You must provide an action in form tag. In your code the first thing before showing anything to you in browser, is inserting in SQL and then the form will show to you. The code you provided is like this:

<?php
session_start();
 $conn=mysqli_connect('localhost','root','','practice') or die ("unable to connect to database");
        $username1=mysqli_real_escape_string($conn,$_POST['Username']);
        $password1=mysqli_real_escape_string($conn,$_POST['Password']);
        
        
        $query="insert into usertable values('$username1','$password1')";
        mysqli_query($conn,$query);
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login Page</title>
</head>
<body>
<style>
    #signup-box{
        margin:auto;
        width: 300px;
        padding: 30px;
        background-color: grey;
    }

</style>
    <div id="signup-box">
        <form method="POST">
            <input style="width:100%" type="text" name="Username"><br><br>
            <input style="width:100%" type="password" name="Password"><br><br>
            <input type="button" value="Submit">
        </form>
    </div>

    
</body>
</html>

So need change it to something like this:

<?php
session_start();

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login Page</title>
</head>
<body>
<style>
    #signup-box{
        margin:auto;
        width: 300px;
        padding: 30px;
        background-color: grey;
    }

</style>
    <div id="signup-box">
        <form action="testconnect.php" method="POST">
            <input style="width:100%" type="text" name="Username"><br><br>
            <input style="width:100%" type="password" name="Password"><br><br>
            <input type="button" value="Submit">
        </form>
    </div>

    
</body>
</html>
Majid Hajibaba
  • 3,105
  • 6
  • 23
  • 55