Jump to content

Why wont this go to mysql form?

Metoriium

By Metoriium
in PHP Coding Help

 Share

Recommended Posts

Metoriium Newbie

Metoriium

Posted
Posted

Each time i submit this form it wont send to mysql, can anyone help?

<?php
$hostname="mysql6.000webhost.com"; //local server name default localhost
$username="a5347792_meto";  //mysql username default is root.
$password="";       //blank if no password is set for mysql.
$database="a5347792_login";  //database name which you created
$con=mysql_connect($hostname,$username,$password);
if(! $con)
{
die('Connection Failed'.mysql_error());
}
 
mysql_select_db($database,$con);
 
//include connect.php page for database connection
include('connect.php');
//if submit is not blanked i.e. it is clicked.
if($_SERVER['POST_METHOD'] == 'POST')
{
if($_POST['name']=='' || $_POST['email']=='' || $_POST['password']==''|| $_POST['repassword']=='')
{
echo "please fill the empty field.";
}
else
{
$sql="insert into student(name,email,password,repassword) values('".$_REQUEST['name']."', '".$_REQUEST['email']."', '".$_REQUEST['password']."', '".$_REQUEST['repassword']."')";
$res=mysql_query($sql);
if($res)
{
echo "Record successfully inserted";
}
else
{
echo "There is some problem in inserting record";
}
 
}
}
?>
Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

Why do you have this

 

//include connect.php page for database connection
include('connect.php');

 

The code that appears before this is already connecting to the DB and selecting the DB.

 

If you look at the logic of your page, there are conditions for which there is no handling. For example:

 

if($_SERVER['POST_METHOD'] == 'POST')

There is no else condition for this condition, which means if that condition is not true - nothing will happen. What is "POST_METHOD"? There is no such index for the $_SERVER super global. So, unless you defined that variable - it does not exist. I think you meant to use REQUEST_METHOD

 

There is more wrong with this code as well.

 

1. You use the $_POST values to verify the input data - then use $_REQUEST for the value in the query

 

2. The code uses mysql_ functions which are deprecated

 

3. The code is open to SQL injection

Link to comment
Share on other sites
Metoriium Newbie

Metoriium

Posted
  • Author
Posted

I have changed this information but still doesnt work

Also how can i change this to mysqli?

<?php

session_start();
 
//include connect.php page for database connection
include('connect.php');
//if submit is not blanked i.e. it is clicked.
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if($_POST['name']=='' || $_POST['email']=='' || $_POST['password']==''|| $_POST['repassword']=='')
{
echo "please fill the empty field.";
}
else
{
$sql="insert into student(name,email,password,repassword) values('".$_POST['name']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['repassword']."')";
$res=mysql_query($sql);
if($res)
{
echo "Record successfully inserted";
}
else
{
echo "There is some problem in inserting record";
}
 
}
}
?>
Link to comment
Share on other sites
QuickOldCar Regular Member

QuickOldCar

Posted
Posted (edited)

You shouldn't post your real login credentials on the net

 

This is untested, can try it out.

<?php
//start a session
session_start();

//set your credentials for mysql
$dbhostname     = 'localhost';
$dbusername     = 'root';
$dbpassword     = 'password';
$dbdatabasename = 'database_name';

//mysqli connection        
$con = mysqli_connect($dbhostname, $dbusername, $dbpassword, $dbdatabasename) or die("Error " . mysqli_error($con));

$error = ''; //keep this empty

//check if form was submitted
if (isset($_POST['submit'])) {
    
    //checks on each form value
    
    if (isset($_POST['name']) && trim($_POST['name']) != '') {
        $name = strtolower(trim($_POST['name'])); //lower all usernames
    } else {
        $error .= "Name not set <br />";
    }
    
    if (isset($_POST['email']) && trim($_POST['email']) != '') {
        if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $email = trim($_POST['email']);
        } else {
            $error .= "Email not a proper format <br />";
        }
    } else {
        $error .= "Email not set <br />";
    }
    
    if (isset($_POST['password']) && trim($_POST['password']) != '') {
        $password = crypt(trim($_POST['password'])); //encrypt the password
    } else {
        $error .= "Password not set <br />";
    }
    
    if (isset($_POST['repassword']) && trim($_POST['repassword']) != '') {
        
        //check if password is the same as repassword
        if (trim($_POST['password']) == trim($_POST['repassword'])) {
            $repassword = true;
        } else {
            $error .= "Both Passwords did not match. <br />";
        }
        
    } else {
        $error .= "Repassword not set <br />";
    }
    
    
    
    //check to see if all variables are set to determine doing a query
    if ($name && $email && $password && $repassword) {
        //escape any input
        $e_name     = mysqli_real_escape_string($name);
        $e_email    = mysqli_real_escape_string($email);
        $e_password = mysqli_real_escape_string($password);
        
        //check if users name or email already exists, thus disallowing users making new accounts same email
        $user_query = "SELECT FROM student where name='{$e_name}' OR email='{$e_email}'";
        
        if ($result = mysqli_query($con, $user_query)) {
            //return the number of rows in result set
            $rowcount = mysqli_num_rows($result);
            
            //if no records exist do the insert
            if ($rowcount < 1) {
                
                //insert query
                $query  = "INSERT INTO student (name, email, password) VALUES ('{$e_name}', '{$e_email}', '{$e_password}')";
                $insert = mysqli_query($con, $query);
                
                //check if data was inserted
                if ($insert) {
                    echo "Success! Your information was added.<br />";
                    
                    //log the user into session
                    $_SESSION['username']  = $name;
                    //or show are logged in
                    $_SESSION['logged_in'] = true;
                    
                } else {
				//was unable to insert records
                    //die("Error: " . mysqli_error($con));
                    $error .= "There was a problem inserting your data. <br />";
                }
                
                
            } else {
                //if rowcount equals 1 or more  
                $error .= "That user or email already exists <br />";
            }
            
        } else {
            $error .= "Unable to check if user exists. <br />";
        }
        
        
        
        
    }
}

//show if an error
if ($error != '') {
    echo $error;
}

//if there is a mysql connection then close it
if ($con) {
    mysqli_close($con);
}
?>

For checking usernames and passwords upon login

session_start();

if(crypt($passsword_from_db, $password_from_login) == $password_from_login) {
    $_SESSION['username']  = $name;
    $_SESSION['logged_in'] = true;
    $location = "http://".$_SERVER['HTTP_HOST']."/index.php";
    header("Location: $location");
    exit;
} else {
    echo "Wrong username or password";
}

Checking session logged in on pages and show username

session_start();

if($_SESSION['logged_in']){
//do something
}

if($_SESSION['username']){
echo $_SESSION['username'];
}
Edited by QuickOldCar
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.