php code reviewing help please

[benoit1980]

Hello

 

I would like to know what is wrong in my code please, everything appear on the screen without mysql connection error when I remove all the php that starts from mysqli_query at the bottom of the page. When I remove all the code I have noted with #################### the form shows up on the screen, when I re-add that code, the page is white therefore there is something wrong I am doing here.

Could you please let me know? Thank you. Regarding the id, someone told me to leave it blank in the query as it is auto incremented.

 

Ben

 

 

<?php include "/include/header.php"; ?><?php include "/include/navbar.php"; ?><?php include "/connect/connect.php"; ?>  <?phpif(isset($_POST['submit'])) {$name = $_POST['name'];  $surname = $_POST['surname'];  $username = $_POST['username'];  $password1 = $_POST['password1'];$password2 = $_POST['password2'];$email = $_POST['email'];  if(empty($name)){  echo "Please add Your name to the form<br>";  }elseif (strlen($name)<3){   echo "Your name is way too short, please input a real name!<br>"; }if(empty($surname)){  echo "Please add Your Surname to the form<br>";  }elseif (strlen($surname)<3){   echo "Your surname is way too short, please input a real surname!<br>"; }if(empty($username)){  echo "Please choose a Username<br>";  }elseif (strlen($username)<5){   echo "Your Username should have a minimum of 5 characters!<br>"; }if(empty($email)){  echo "Input an email<br>";  }if(empty($password1)){  echo "Please choose a password<br>";  }elseif (strlen($password1)<5){   echo "Your password should have at least 5 characters or digits!<br>"; }if($password1 !== $password2){  echo "Your passwords do not match, please verify your passwords<br>";  }else{ $safe_name = mysqli_real_escape_string($name);$safe_surname = mysqli_real_escape_string($surname);$safe_username = mysqli_real_escape_string($username);$safe_email = mysqli_real_escape_string($email);$safe_password = mysqli_real_escape_string($password);$safe_email = mysqli_real_escape_string($email);}?>   <div class="container centered"> <form role="form" name="registration" method="post" action="">   <div class="form-group">    <label>Your Name</label>    <input type="text" name="name" class="form-control custom" placeholder="Enter your Name" value="<?php echo $_POST['name']; ?>">  </div>    <div class="form-group">    <label>Your Surname</label>    <input type="text" name="surname" class="form-control custom"  placeholder="Enter your Surname" value="<?php echo $_POST['surname']; ?>">  </div>  <div class="form-group">    <label>Choose a Username</label>    <input type="text" name="username" class="form-control custom"  placeholder="Enter your Username" value="<?php echo $_POST['username']; ?>">  </div>  <div class="form-group">    <label>Choose a Password</label>    <input type="password" name="password1" class="form-control custom"  placeholder="Choose your Password">  </div>  <div class="form-group">    <label>Retype your Password</label>    <input type="password" name="password2" class="form-control custom"  placeholder="Re-enter your Password">  </div>    <div class="form-group">    <label>Your email</label>    <input type="email" name="email" class="form-control custom"  placeholder="Enter your Email" value="<?php echo $_POST['email']; ?>">  </div>  <input type="submit" name="submit" class="btn btn-default" value="submit"></form>  ############################<?php // Create the Database Querymysqli_query('INSERT INTO users (id, name, name, surname, username, password, email) VALUES ( , $safe_name, $safe_surname, $safe_username, $safe_email, $safe_password, $safe_email)'); // Test if there was a query errorif (!$connection) {    die("Database query failed.");}  // Close database connection mysqli_close($connection);{  echo "Your form has been submitted!"; }}?>################################</div>       <?php include "/include/footer.php"; ?>
 
 

[adam_bray]

Move your query between 

$safe_email = mysqli_real_escape_string($email);

// QUERY GOES HERE

}

You've got it in a place that will run the query every time the page is loaded, even before the form is submit.

[cyberRobot]

There are a few errors with the query.

1. It's enclosed within single quotes. Since you have PHP variables in the query, you'll need to use double quotes.
2. The query doesn't specify the value for the "id" column. The query just leaves it blank. If you run mysql_error(), you should get an error.
3. The list of columns need to match the list of values...and in the same order.

 

Assuming that the "id" column auto-increments, try changing you query to

mysqli_query("INSERT INTO users (name, surname, username, password, email) VALUES ($safe_name, $safe_surname, $safe_username, $safe_password, $safe_email)");

Side notes:

• PHP has a function for validating email addresses: http://www.php.net/manual/en/filter.examples.validation.php
• The mysql_ functions have been depreciated; at some point you'll need to look into the alternatives: http://www.php.net/manual/en/mysqlinfo.api.choosing.php

 

 

[cyberRobot]

Sorry, just a few more quick notes. First, you have a duplicate line here (it's processing $email twice):

$safe_email = mysqli_real_escape_string($email);
$safe_password = mysqli_real_escape_string($password);
$safe_email = mysqli_real_escape_string($email);

 

 

Also, the form labels currently aren't doing anything. Perhaps the following will help with connecting the <label> tag to the corresponding <input> tag:

http://www.cyberscorpion.com/2012-02/making-html-forms-more-accessible-and-improving-usability-with-the-label-tag/