-1

I created a registration form using HTML, created a database called "web_app_dev" and linked the form to the database using PHP, however, when I test the form and click the Submit button nothing happens. It doesn't show me any errors and the information does not get posted into the database.

The table in the database is called "registration"

Below is the code for the "registerform.php"

<?php
session_start();

$FirstName = "";

$LastName = "";

$gender = "";

$email = "";

$password = "";

$errors   = array();

// connect to database

$conn = mysqli_connect('localhost', 'root', '', 'web_app_dev');

// check if the registration button is clicked

if (isset($_POST['reg_btn'])) {

    // Receive information from the form
    $FirstName = mysqli_real_escape_string($conn, $_POST['FirstName']);
    $LastName = mysqli_real_escape_string($conn, $_POST['LastName']);
    $gender = mysqli_real_escape_string($conn, $_POST['gender']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

   
    // make sure that the form is correctly filled
    if (empty($FirstName)) {
        array_push($errors, "First Name is required");
    }
    if (empty($LastName)) {
        array_push($errors, "Last Name is required");
    }
    if (empty($gender)) {
        array_push($errors, "Gender is required");
    }
    if (empty($email)) {
        array_push($errors, "Email is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    //check if user already exists in the database
    $user_check = "SELECT * FROM registration WHERE email='$email' LIMIT 1";
    $result = mysqli_query($conn, $user_check);
    $user = mysqli_fetch_assoc($result);

    if ($user) {
        if ($user['email'] == $email) {
            array_push($errors, "A user with this email already exists");
        }
    }

    //register the user if there are no errors
    if (count($errors) == 0) {
        $password = md5($password); //encrypt the password before saving it into the database
        $query = "INSERT INTO registration (FirstName, LastName, gender, email, password)
                  VALUES('$FirstName', '$LastName', '$gender', '$email', '$password')";
        mysqli_query($conn, $query);
        $_SESSION['success'] = "Registration successful!";
    }
}
?>


Below is the code from the html file that contains the html code for the form, the file's name is "regform.php"

<?php include('registerform.php') ?>

<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" href="edits.css">
</head>
<body>
<style>
body {
background-image: url("img/bg2.jpg");
}
</style>

<div class="header">
    <h2 style="margin-right: 60px;">Register</h2>
</div>

<form method="post" action="registerform.php">
    <div class="input-group">
        <label for="FirstName">First Name</label>
        <input type="text" name="FirstName" id="FirstName" 
placeholder="Enter First Name..."/>
    </div>
    <div class="input-group">
        <label for="LastName">Last Name</label>
        <input type="text" name="LastName" id="LastName" 
placeholder="Enter Last Name..."/>
    </div>
    <div class="radio-group">
        <label for="m"><input type="radio" name="gender" 
value="m">Male</label>
        <label for="f"><input type="radio" name="gender" 
value="f">Female</label>
    </div>
    <div class="input-group">
        <label for="email">Email</label>
        <input type="text" name="email" id="email" placeholder="Enter 
Email...">
    </div>
    <div class="input-group">
        <label for="password">Password</label>
        <input type="text" name="password" id="password" 
placeholder="Enter password...">
    </div>


    <div class="input-group">
        <button type="submit" class="btn" id= "reg_btn" 
name="reg_btn" value="reg_btn">Submit</button>
    </div>
</form>

</body>
</html>

[Edit] Below is a screenshot of the error message that shows after adding the error reporting code before the mysqli_connect() code.

Error message after filling in the form and clicking the register button

"Line 59" from the error message is referring to the second last line from the registerform.php code. The code on that line is:

mysqli_query($conn, $query);

The data I put in the form is also shown below

Data inserted in the form

SilverNak
  • 3
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jul 26 '22 at 13:21
  • 3
    **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jul 26 '22 at 13:21
  • 2
    Welcome to Stack Overflow! This is a good opportunity for you to start familiarizing yourself with [using a debugger](https://stackoverflow.com/q/25385173/328193). Even without a step debugger, you can add lots of debugging output to the code to observe its behavior after the execution. When you debug the code, which operation first produces an unexpected result? What were the values used in that operation? What was the result? What result was expected? Why? To learn more about this community and how we can help you, please start with the [tour] and read [ask] and its linked resources. – David Jul 26 '22 at 13:22
  • Never configure your web app to login to the database as `root`. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson Jul 26 '22 at 13:25
  • Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. Ensure PHP error reporting (or logging, in a live environment) is enabled too so that you always see error messages when they occur, and they're not hidden. – ADyson Jul 26 '22 at 13:25
  • "Nothing happens"...at all? You mean it doesn't even post back the form? If that's the case then maybe show us your HTML (and any relevant JavaScript) – ADyson Jul 26 '22 at 13:26
  • I just added the html code as well @ADyson – Luka Marshall Jul 26 '22 at 13:45
  • 1
    The form looks fine except it posts back directly to registerform.php which doesn't seem to produce any output in any circumstances, whether the data is valid or not. So it's hard to see how you could have done any debugging on this. I assumed you just get a blank screen when you submit? And did you turn on the error reporting yet as I mentioned above? – ADyson Jul 26 '22 at 13:56
  • As per [ask] please provide all error messages etc as text, not pictures. But the error is clear enough don't you think? The data you typed in for the password is too big for the database column which is supposed to hold it. – ADyson Jul 26 '22 at 19:15
  • The password column in the database is set to Varchar(20)... Even if I set the password to only one character, it still displays the same error message. – Luka Marshall Jul 26 '22 at 19:26
  • [edit] I just changed the length of the password field to 50 characters and it worked just fine.. I have no idea why it didn't work with 20 though.. but I guess I could work with the 50 for now. Also thank you so much for your time. – Luka Marshall Jul 26 '22 at 19:42
  • 2
    It's because you're inserting a hash of the password into the database, not the original password the user entered. md5 hashes usually come out at 32 characters (regardless of the length of the hashed data). Note that - as you were warned above - md5 is obsolete now and insecure, it can be cracked easily. So you should switch to using PHP's secure password_hash function. As per its [documentation](https://www.php.net/manual/en/function.password-hash.php) you need to allow _at least_ 60 characters for storing a hash created by that function (but it advises 255 is better). – ADyson Jul 26 '22 at 20:06

1 Answer

0

It's because you're inserting a hash of the password into the database, not the original password the user entered. md5 hashes usually come out at 32 characters (regardless of the length of the hashed data).

Note that - as you were warned above - md5 is obsolete now and insecure, it can be cracked easily. So you should switch to using PHP's secure password_hash function. As per its documentation you need to allow at least 60 characters for storing a hash created by that function (but it advises 255 is better).

ADyson
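An added example, not part of the answer or the asker's code: the registration step rewritten with the prepared statements and `password_hash()` / `password_verify()` recommended in the comments, plus the hash lengths that decide the column size. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so it runs without a server, the table is reduced to `email` and `password`, and the function names `open_db`, `register_user` and `check_login` are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL database 'web_app_dev'.
// In MySQL the password column would be declared VARCHAR(255), not VARCHAR(20).
function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw instead of failing silently
    $db->exec('CREATE TABLE registration (
        email    TEXT NOT NULL UNIQUE,
        password VARCHAR(255) NOT NULL
    )');
    return $db;
}

// Returns true when the user was stored, false when the email already exists.
function register_user(PDO $db, string $email, string $password): bool
{
    // Placeholders keep user input out of the SQL text; no escaping is needed.
    $check = $db->prepare('SELECT 1 FROM registration WHERE email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return false;
    }
    // Salted, slow hash; the UNIQUE constraint remains the backstop for races.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $db->prepare('INSERT INTO registration (email, password) VALUES (?, ?)');
    $insert->execute([$email, $hash]);
    return true;
}

function check_login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM registration WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input; the apostrophe would break a concatenated query.
$db = open_db();
$email = "o'brien@example.com";
var_dump(strlen(md5('x')));                               // md5 hex length vs. the VARCHAR(20) column
var_dump(strlen(password_hash('x', PASSWORD_BCRYPT)));    // bcrypt hash length
var_dump(register_user($db, $email, 'correct horse'));    // first registration
var_dump(register_user($db, $email, 'another password')); // duplicate email is rejected
var_dump(check_login($db, $email, 'correct horse'));      // matching password
var_dump(check_login($db, $email, 'wrong'));              // non-matching password
```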