phreak3r Posted January 12, 2018 Share Posted January 12, 2018 (edited) Hi there I am phreak3r, just registered. I happened to stumble across a forum post dealing with php which lead me to this site. I have tried other avenues of assistance to no avail. I am hoping you all could help me here. The connection to the web server and mysql server seem to be up and running, same with the database. However, there the data doesn't appear to be inserted into the database (well, the specified tables). I have attached the main files involved below. Thank you for your assistance! P.S. Excuse the terrible code and what not, I am new to PHP and this is all just a test, official security 'stuff' will be added later. I am just trying to get past a small hurdle. If you need anymore information/files feel free to reach out to me. EDIT: Running LAMP stack on Xubuntu machine, phpMyAdmin is being utilized as well. confirmation.php signup.php dbcon.php Edited January 12, 2018 by phreak3r Quote Link to comment Share on other sites More sharing options...
requinix Posted January 12, 2018 Share Posted January 12, 2018 Attachments are rather annoying for us to work with. How about posting the parts of the code that have to deal with inserting (ie, the parts that aren't working)? Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 Attachments are rather annoying for us to work with. How about posting the parts of the code that have to deal with inserting (ie, the parts that aren't working)? How are attachments annoy for you to work with? Here you go! 1 <?php 2 include('header.php'); 3 require('dbcon/dbcon.php'); 4 5 if (isset($_POST['submitted'])) { 6 $username = $_POST['username']; 7 $password = $_POST['password']; // hash this thing later on... 8 $email = $_POST['email_address']; 9 10 $sqlinsert = "INSERT INTO profile0 ('username', 'password', 'email_address') VALUES ('$username', '$password', '$email')"; 11 mysqli_query($sqlinsert); 12 13 14 15 } 16 ?> Quote Link to comment Share on other sites More sharing options...
gizmola Posted January 12, 2018 Share Posted January 12, 2018 Here's a "Pro" tip for you. There is no need for, and many possible issues with closing out your php scripts with the closing tag ?> I would suggest you delete those from your files. We don't know what the problem is without some information from you. The obvious problem I see is that you do not check for errors after your insert, and you are using the procedural mysqli_* functions incorrectly because you are not passing a mysqli link parameter. Beyond that the SQL does not look incorrect, but any issue with either the database connection or the names of columns, constraints etc. could cause your query to fail. Since you don't check here, I expect you also don't check to see if your connection works. Take a look at the mysqli::query page: http://php.net/manual/en/mysqli.query.php For example: if (TRUE === mysqli_query($conn, $sqlinsert)) { echo "Inserted."; } else { echo "Error: " . mysqli_error($conn); } Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 Here's a "Pro" tip for you. There is no need for, and many possible issues with closing out your php scripts with the closing tag ?> I would suggest you delete those from your files. We don't know what the problem is without some information from you. The obvious problem I see is that you do not check for errors after your insert, and you are using the procedural mysqli_* functions incorrectly because you are not passing a link parameter. Beyond that the SQL does not look incorrect, but any issue with either the database connection or the names of columns, constraints etc. could cause your query to fail. Since you don't check here, I expect you also don't check to see if your connection works. Take a look at the mysqli::query page: http://php.net/manual/en/mysqli.query.php For example: if (TRUE === mysqli_query($conn, $sqlinsert)) { echo "Inserted."; } else { echo "Error: " . mysqli_error($conn); } I check the connection in another file/some code that is not presented. Here's the code for the connection to the database: 1 <?php 2 $servername = "localhost"; 3 $database = "soapbox"; 4 $username = "root"; 5 $password = "1234"; 6 7 // Create connection 8 $conn = mysqli_connect($servername, $username, $password, $database); 9 mysqli_select_db($conn, $database); 10 /*if (!$conn) { 11 die("Connection failed: " . mysqli_connect_error()); 12 } else { 13 echo "Connection successful!"; 14 } 15 16 if (!mysqli_select_db($conn, $database)) { 17 echo " Database not selected!"; 18 } else { 19 echo " Database selected!"; 20 }*/ 21 ?> ~ I am not sure what else it could be really. What do you mean by this? "We don't know what the problem is without some information from you. The obvious problem I see is that you do not check for errors after your insert, and you are using the procedural mysqli_* functions incorrectly because you are not passing a link parameter." Quote Link to comment Share on other sites More sharing options...
gizmola Posted January 12, 2018 Share Posted January 12, 2018 Did you look at the code I provided and check what is different from your code? Look at the manual page I linked. Note that the 1st parameter needs to be the mysqli connection handle aka 'link'. I fixed the problem for you in the code I provided. Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 Did you look at the code I provided and check what is different from your code? Look at the manual page I linked. Note that the 1st parameter needs to be the mysqli connection handle aka 'link'. I fixed the problem for you in the code I provided. Yes I did check what was different. I added the first parameter. Still nothing... And remove the closing tags? Why? Quote Link to comment Share on other sites More sharing options...
gizmola Posted January 12, 2018 Share Posted January 12, 2018 Closing tags can inject whitespace accidentally that causes output breaking sessions and other things. Without the end tags, PHP cleans up those problems for you. In your dbconn.php remove the comments around the error checking. Are you actually getting a connection or an error? Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 Closing tags can inject whitespace accidentally that causes output breaking sessions and other things. Without the end tags, PHP cleans up those problems for you. In your dbconn.php remove the comments around the error checking. Are you actually getting a connection or an error? Well wouldn't that mess up the visual look of the page, say if you've got php at the top, html in the middle, and php at the bottom? I tried it and it did not work for me. I am indeed getting a connection, no errors are being thrown. Everything goes through, but there's no data being inserted into the database, it is very weird. Quote Link to comment Share on other sites More sharing options...
gizmola Posted January 12, 2018 Share Posted January 12, 2018 No it doesn't mess up the look of anything to not have end tags. It is not relevant to the problems you are having, but it's a best practice with professional PHP. It's part of PSR-2 which you can look at here: http://www.php-fig.org/psr/psr-2/ If you follow those standards and recommendations your code will also be easy to read. At any rate, did you also provide the code I offered up around the insert? This can help you debug if there is a SQL issue with the Insert itself. Feel free to post snippets of the current insert code you have. Also, are you using something like firebug to insure that the form is submitting where you think it is, and you are getting a valid HTTP response? Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 "No it doesn't mess up the look of anything to not have end tags. It is not relevant to the problems you are having, but it's a best practice with professional PHP." "The closing ?> tag MUST be omitted from files containing only PHP." - From PSR-2 Coding Style Guide - PHP-FIG under Files 2.2 The confirmation.php script is not PHP only. As for some of the others, they would benefit from removing the PHP end tag. CONFIRMATION.PHP <?php 2 include('header.php'); 3 require('dbcon/dbcon.php'); 4 5 if (isset($_POST['submitted'])) { 6 $username = $_POST['username']; 7 $password = $_POST['password']; // hash this thing later on... 8 $email = $_POST['email_address']; 9 10 $sqlinsert = "INSERT INTO profile0 ('username', 'password', 'email_address') VALUES ('$username', '$password', '$email')"; 11 mysqli_query($conn, $sqlinsert); 12 13 if (TRUE === mysqli_query($conn, $sqlinsert)) { 14 echo "Inserted."; 15 16 } else { 17 echo "Error: " . mysqli_error($conn); 18 } 19 } 20 ?> 21 22 <!DOCTYPE html> 23 <html> 24 <head> 25 <title>soapbox - confirmation</title> 26 </head> 27 28 <body> 29 <br> 30 <?php echo "The data provided has been sent to the server and is being inserted into the database. 31 In order to complete the process $username, we need you to confirm your account. 32 We have sent you an email at $email, the provided email upon signing up for an account. 33 Thank you and cheers! - dbk" 34 ?> 35 </body> 36 </html> SIGNUP.PHP 1 <?php include('header.php'); ?> 2 3 <!DOCTYPE html> 4 <html> 5 <head> 6 <title>soapbox - sign up</title> 7 </head> 8 9 <body> 10 <form action="confirmation.php" method="POST"> 11 <br> Username: <br> 12 <input type="text" name="username" maxlength="26" placeholder="Username"> 13 14 <br> Password: <br> 15 <input type="password" name="password" maxlength="26" placeholder="Password"> 16 17 <br> Email Address: <br> 18 <input type="email" name="email_address" placeholder="Email Address"> 19 20 <br> 21 <input type="submit" value="Submit"> 22 </form> 23 </body> 24 25 <!--Include footer later on --> 26 </html> DBCON.PHP 1 <?php 2 $servername = "localhost"; 3 $database = "soapbox"; 4 $username = "root"; 5 $password = "1234"; 6 7 // Create connection 8 $conn = mysqli_connect($servername, $username, $password, $database); 9 mysqli_select_db($conn, $database); 10 if (!$conn) { 11 die("Connection failed: " . mysqli_connect_error()); 12 } else { 13 echo "Connection successful!"; 14 } 15 16 if (!mysqli_select_db($conn, $database)) { 17 echo " Database not selected!"; 18 } else { 19 echo " Database selected!"; 20 } 21 ?> "Also, are you using something like firebug to insure that the form is submitting where you think it is, and you are getting a valid HTTP response?" Nope, I am using plain old vim. I believe I am indeed getting a valid HTTP response. The server is up and running, no problems of that sort. Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 12, 2018 Share Posted January 12, 2018 (edited) The problem is your code is looking for POST submitted in order to work and it doesn't exist. You are improperly hoping the name of a button will be submitted in order for your script to work. You need to be checking the REQUEST METHOD instead. Do not create variables for nothing. NEVER EVER put variables in your query. You need to use Prepared Statements. Do not output internal system errors to the user. I recommend you use PDO. https://phpdelusions.net/pdo Edited January 12, 2018 by benanamen Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 The problem is your code is looking for POST submitted in order to work and it doesn't exist. You are improperly hoping the name of a button will be submitted in order for your script to work. You need to be checking the REQUEST METHOD instead. Do not create variables for nothing. NEVER EVER put variables in your query. You need to use Prepared Statements. @benanamen Ah, I thought it would be a simple problem. I feel stupid, but thank you. I will use the request method. However, if you use POST with an input instead of a button it will give you problems from what I understand, yeah? I hope that made sense. I rush and post without giving myself time to properly organize my thoughts. Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 12, 2018 Share Posted January 12, 2018 I didnt say dont use a button. I said dont check for it for the script to work. if ($_SERVER['REQUEST_METHOD'] == 'POST') { //Process form } Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 12, 2018 Author Share Posted January 12, 2018 I didnt say dont use a button. I said dont check for it for the script to work. if ($_SERVER['REQUEST_METHOD'] == 'POST') { //Process form } Like this? 5 if ($_SERVER['REQUEST_METHOD'] == 'POST') { 6 $username = $_POST['username']; 7 $password = $_POST['password']; // hash this thing later on... 8 $email = $_POST['email_address']; 9 10 $sqlinsert = "INSERT INTO profile0 ('username', 'password', 'email_address') VALUES ('$username', '$password', '$email')"; 11 mysqli_query($conn, $sqlinsert); 12 } Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 13, 2018 Share Posted January 13, 2018 Yes. Now just stop creating variables for nothing. You already have the POST variables, just use them. Next, you need to get the variables out of the query and use Prepared Statements. Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 13, 2018 Author Share Posted January 13, 2018 (edited) Yes. Now just stop creating variables for nothing. You already have the POST variables, just use them. Next, you need to get the variables out of the query and use Prepared Statements. Creating variables for nothing? I thought they served a purpose, keep me from re-typing. This is very frustrating, nothing is being inserted into the database. Edited January 13, 2018 by phreak3r Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 13, 2018 Share Posted January 13, 2018 I suggest you spend your efforts on learning PDO. This tutorial will get you going. https://phpdelusions.net/pdo Quote Link to comment Share on other sites More sharing options...
phreak3r Posted January 13, 2018 Author Share Posted January 13, 2018 I suggest you spend your efforts on learning PDO. This tutorial will get you going. https://phpdelusions.net/pdo Okay...thanks? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.