Simple newsletter sign-up (rookie) problem

[Frankhol]

Hi all, as a php rookie I'm trying to create a simple newsletter registration sign-up but for some (probably stupid) reason I don't get an error message and nothing is getting into the database. 

 

Anyone willing to point out what I'm overlooking?

(yes, there is a bit of Dutch in the txt)

 

 

<!doctype html>
<html lang="nl">
  <head>
    <meta charset="utf-8">
    <title>Pre-Registratie</title>
  </head>
  <body>
 
   <form action="reg.php" method="POST">
<input type="text" name="name" placeholder="Naam">
<input type="text" name="email" placeholder="Email adres">
<button type="submit">Registreer</button>
</form>
 
    
  </body>
</html>
 

[ginerjm]

Try turning on php error checking. See my signature

 

Also - I've seen recommendations that one should NOT use <button> for form submissions. Use "<input type='submit'...." instead.

[benanamen]

You create an unnecessary variable called $naam and then try to insert $name into the database, therefore your query fails. If you turn on error reporting you would have a clue as to the problem

 

Additional noob mistakes are putting variables in your query. NEVER EVER do that. Use prepared statements. You are also outputting internal system errors to the user who has no use for it unless he is a hacker.

 

@gingerjm, it is actually the checking of a button being submitted instead of checking the server request method.

Edited May 3, 2017 by benanamen

[Frankhol]

Thanks a lot for the fast replies! I implemented your tip, @ginerjm, and yes, very handy ! Also checked out the differences between button and input and will stick with the button for now. It's not like it's a project for millions of viewers and it's a temporary page I work on by myself. The real work I'll let the pro's handle, but I like to learn.... 

 

@Benanamen, cheerio! I was planning on changing all Dutch into English for readability, changed my mind and overlooked the 'naam/name' case. Anyway it wasn't working for some reason with or without correct 'language setting'.  The error handling is just to see where I messed up. I am getting pretty good grades on ssl and securityheaders.io though (if that matters in this jungle) :*) My firewall is loved at some times...so thanks for the warning!!

 

In the meanwhile I was looking for other/better ways and indeed found the 'prepared statements'. And it's working, kind-of. DEtails are getting in the DB but then apparently I encounter an error many get, yet haven't found a solution. Redirecting the visitor after signin-up.

 

With the next code I'm getting :

Warning: Cannot modify header information - headers already sent by (output started at /xxx/xxx.x/www/register.php:17) in ......

where  line 17 is <?php

and If I use 

<script type="text/javascript">
window.location = "http://www.phpfreaks.com/";
</script>

instead, everything just vanishes into thin air, without any error messages 

 

 

 

<!doctype html>

<html lang="nl">

  <head>

    <meta charset="utf-8">

    <title>Registration</title>

    <link rel="stylesheet" type="text/css" href="register.css">

  </head>

  <body>

  <div>

<form method="POST">

<input type="text" name="name" placeholder="name"><br>

<input type="text" name="email" placeholder="Email adres"><br>

<button type="submit" class="button button1">register</button>

</form>

</div>

 

  <?php

 

  error_reporting(E_ALL);

 ini_set('display_errors', '1');

 

 

$servername = "xxx";

$username = "xxx";

$password = "xxx";

$dbname = "xxx";

 

// Create connection

$conn = new mysqli($servername, $username, $password, $dbname);

 

// Check connection

if ($conn->connect_error) {

    die("Connection failed: " . $conn->connect_error);

}

 

 

// prepare and bind

$stmt = $conn->prepare("INSERT INTO pre_registration (name, email) VALUES (?, ?)");

$stmt->bind_param("ss", $name, $email);

 

// set parameters and execute

$naam = $_POST['name'];

$email = $_POST['email'];

$stmt->execute();

 

 

$stmt->close();

$conn->close();

 

  header('Location: thanks.html');

 

?>

 

</body>

</html> 

Edited May 4, 2017 by Frankhol

[ginerjm]

I'd stick with the <input type='submit' personally. No reason to use <button> when you are in a form environment. Really.

[benanamen]

OP, you need to use the code tags when you post your code. The error you are getting is from outputting something before the headers. Do what @gingerjm said about the button.

 

 

@gingerjm, I thought you were talking about checking the button name after submit. My mistake.

[Frankhol]

Cheers guys will do.

Could it be that I'm outputting the the errors through

error_reporting(E_ALL);
 ini_set('display_errors', '1');

When I take it away I don't see an error (duh), but also I don't get redirected to thanks.html

 

(edit: but since it's 5AM here I might wanna go to bed first and then try the <input>, see if that helps;-)

Edited May 4, 2017 by Frankhol

[mac_gyver]

you cannot output anything to the browser before you use a header() statement. the message calling attention to the output started on line 17, properly means the output up to and including the output started on line 17. everything from your <!DOCTYPE tag through to the </div> tag is output that is being sent to the browser.

 

your form processing code should be near the top of your file and come before the start of your html document. any output your form processing code generates, such as error messages, should be stored in php variable(s) and then output at the correct point in the html document.