-1

I've created an HTML page which allows the user to type a username and password. When the user clicks the login button I need to put the username and password into a MySQL database.

When I test it by typing the IP address of the website, entering a username and password and pressing the login button, it just goes to a blank page (this being IPADDRESS/adduser.php). When I check the database nothing is entered.

I also want to redirect the user to a different page rather than to a blank page.

I'm pretty new to this, but seem to have hit a brick wall, wondering if someone could help. Thanks.

HTML file:

<!DOCTYPE html>
<html>
<style>

/* Header/Title */
.header {
padding: 2px;
text-align: center;
background: rgb(49, 48, 48);
color: white;
font-size: 15px;
}

form {

    border: 5px solid #f1f1f1;
    background-color: white;
    font-family: Verdana, Geneva, Tahoma, sans-serif;
    text-align: center;      
}

input[type=text],
input[type=password] {
    width: 40%;
  
    padding: 12px 20px;
    margin: 8px 0;
    display:block;
    border: 1px solid #ccc;
    box-sizing: border-box;              
}   
body{
background-color: rgb(180, 46, 46);
}

button {
    background-color: #265ec5;
    color: white;
    padding: 14px 20px;
    margin: 8px 0;
    border: none;
    cursor: pointer;
    width: 10%;
}

button:hover {
    opacity: 0.8;
}

.imgcontainer {
    padding: 20px;
    text-align: center;     
}

.container {
    padding: 16px;    
}

span.psw {
    float: center;
    padding-top: 16px;
}

</style>

<body>

<div class="header">
    <h2>
        <img src="vs/banner.png"> 
    </h2>

  </div>

    <form action="adduser.php" method="POST">       
    <div class="imgcontainer">
        <img src=
         "LINK TO IMAGE" width="250" height = "70"
            alt="Avatar" class="avatar">
    </div>
    <h2 style="text-align:center;" > Sign In  </h2>
   
    <div class="container">
     
        <label><b> Username</b></label>
        <input type="text" name="user_name" required placeholder="enter valid username"
        oninvalid="this.setCustomValidity('Enter a valid email address')"
        oninput="this.setCustomValidity('')"
        
        />
     
        <label><b>Enter password</b></label>
        <input type="password" placeholder="Enter Password" name="user_password" required>
     
        <button type="submit">Login</button>
        
    </div>

    <div class="container" style="background-color:#f1f1f1">
        
        <span class="psw">Forgot <a href="#">password?</a></span>
        <p></p>
        <span class="usn_info">You must login using with valid username</span>
    </div>
  </form>

  </body>

 </html>

php file:

<?php

$host= 'localhost';
$user = 'root';
$pass = 'admin';
$database = 'logins';
$table='user_login';

$conn = mysqli_connect($host, $user, $pass, $database);


if ($conn) {
die("Database connection failed: Insert User : Error = " . 
mysqli_error());
}

$user_name=$_POST["user_name"];
$user_password=$_POST["user_password"];

$sqlquery = "INSERT INTO user_login (user_name, user_password)
VALUES ('$user_name','$user_password')";

if (mysqli_query($conn, $sqlquery))
{
    echo "user added";
}

mysqli_close($conn);

?> 
McCloud54
  • 19
  • 4
  • 1
    You're not outputting anything except if your connection fails, which may be why you're getting a white page – aynber Jul 30 '21 at 19:23
  • but nothing is stored in the database when I check? – McCloud54 Jul 30 '21 at 19:26
  • 1
    You're inserting the db username, but `$psw` is not defined. And you're just creating the query string, you're not actually inserting it. – aynber Jul 30 '21 at 19:28
  • 2
    SQL injection issues aside, the variable names used with `VALUES` do not match the variable names assigned from `$_POST`. – Paul T. Jul 30 '21 at 19:28
  • take a look at this tutorial which shows password_hash and also how to use it https://alexwebdevelop.com/php-password-hashing/ – nbk Jul 30 '21 at 19:32
  • 1
    By the way (not related to your question but still, important), you have 2 problems here: the first one is the fact that in the `()` of `VALUES`, you enter undefined variables (pay attention that the variables need to be `$user_name` and `$user_password`). The second thing, read about "prepared statements" in order to prevent SQL injections. And also read about hashing password. It can help you. About your question, I have posted an answer, hope it will help – php123 Jul 30 '21 at 19:50
  • I've changed the variables to be $user_name and $user_password but whenever I used SELECT * FROM user_login, it's empty – McCloud54 Jul 30 '21 at 19:53
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Jul 30 '21 at 20:12
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jul 30 '21 at 20:12

2 Answers

-1

Warning: Do not use this code in production, read about SQL injection and sanitizing post values.

Your PHP variable names are all over the place. One second you're declaring $username as the database login, but in the insert statement you're also inserting $username which will insert the username "admin" into your database. Please be wary of this.

For starters, the "action=" in form tag determines where your user will redirect to after submitting the form. In your case, adduser.php. So make sure any PHP code to handle the form submission is inside adduser.php.

adduser.php

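<?php

// Database connection settings (sample values from the answer).
$hostname = "localhost";
$username = "admin";
$password = "admin";
$db = "logins";

$dbconnect = mysqli_connect($hostname, $username, $password, $db);

// mysqli_connect() can return false, so check the handle itself.
if (!$dbconnect) {
    die("Database connection failed: " . mysqli_connect_error());
}

// Run only when the form fields were posted; the keys match the name
// attributes of the inputs in the HTML form.
if (isset($_POST['user_name'], $_POST['user_password'])) {
    $user_name = $_POST['user_name'];
    $user_password = $_POST['user_password'];

    // Values are interpolated straight into the SQL string, so this query is
    // injectable, as the warning at the top of the answer says.
    $query = "INSERT INTO user_login (user_name, user_password)
VALUES ('$user_name', '$user_password')";

    if ($dbconnect->query($query) === TRUE) {
        echo "New record created successfully";
    }

    $dbconnect->close();
}
?>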

If everything is correct, upon submitting the form you will be redirected to adduser.php and this message will be echoed: "New record created successfully".

saytricky
  • 69
  • 5
  • 1
    this code is **vulnerable** to **sql injection** – nbk Jul 30 '21 at 19:43
  • 1
    Yes it is. It's a code for learning, not for production use. He's gotta start somewhere, you know. – saytricky Jul 30 '21 at 19:44
  • I'm aware of sql injection, it's just for learning exercise to try and get data to go into the database. I get redirected to the page but nothing is echoed – McCloud54 Jul 30 '21 at 19:48
  • Answers must be secure, so if someone would copy it he is in trouble, as you correct the code error please make it right – nbk Jul 30 '21 at 19:48
  • @McCloud54 nothing will be echoed because in your php file, you didn't write `echo`... Be more specific and write here what you want the php-file to do – php123 Jul 30 '21 at 20:00
  • Why are you posting code that nobody should ever be using. Your first sentence says do not listen to what this answer has to say. This is contradicting itself. – Dharman Jul 30 '21 at 20:13
  • I just want to take the input from the HTML page and input it into a database, and then redirect to a new page once the button is clicked. – McCloud54 Jul 30 '21 at 20:25
-2

In your php file, after inserting data to the database, write these 2 commands:

header("Location: https://www.the-page-you-want-to-go-to.com");
exit();
php123
  • 139
  • 9
  • @McCloud54, you talked about "redirect to a different page". From what I had understood, you wanted that AFTER inserting to the database, go to another page. And this is the solution. Tell me what you want to do and I will be able to help more (instead of vote down...) – php123 Jul 30 '21 at 19:58
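
The comments above recommend prepared statements and `password_hash()`, and the second answer a redirect after the insert. An adduser.php that combines the three, as an added example that is not code from the question or either answer; the `app_user` account and its password, the 64-character username limit, a `VARCHAR(255)` password column and the `/welcome.php` target are assumptions.

```php
<?php
// Added example: handles the POST from the form in the question
// (fields user_name / user_password, table user_login).

// Make mysqli throw exceptions instead of failing silently (blank page).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

// Reject missing fields and array-valued input such as user_name[]=x.
$userName = $_POST['user_name'] ?? null;
$password = $_POST['user_password'] ?? null;
if (!is_string($userName) || !is_string($password)
    || trim($userName) === '' || $password === ''
    || strlen($userName) > 64) {          // 64 is an assumed column limit
    http_response_code(400);
    exit('Username and password are required.');
}

try {
    // Placeholder credentials: a dedicated low-privilege account, not root.
    $db = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'logins');
    $db->set_charset('utf8mb4');

    // Store a salted hash, never the clear-text password.
    // Assumes user_password is VARCHAR(255) so the hash is not truncated.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // The ? placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO user_login (user_name, user_password) VALUES (?, ?)'
    );
    $trimmed = trim($userName);
    $stmt->bind_param('ss', $trimmed, $hash);
    $stmt->execute();
    $stmt->close();
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log('adduser.php: ' . $e->getMessage()); // details stay server-side
    http_response_code(500);
    exit('Could not save the user.');
}

// Fixed target (hypothetical page): nothing from the request chooses it.
header('Location: /welcome.php', true, 303);
exit;
```

At login time the stored value is checked with `password_verify($password, $hash)` rather than by comparing strings in SQL.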