Jump to content

Issue with inserting data into database


phreak3r

Recommended Posts

Hi there I am phreak3r, just registered. I happened to stumble across a forum post dealing with php which lead me to this site. I have tried other avenues of assistance to no avail. I am hoping you all could help me here. The connection to the web server and mysql server seem to be up and running, same with the database. However, there the data doesn't appear to be inserted into the database (well, the specified tables). I have attached the main files involved below. Thank you for your assistance!

 

P.S. Excuse the terrible code and what not, I am new to PHP and this is all just a test, official security 'stuff' will be added later. I am just trying to get past a small hurdle. If you need anymore information/files feel free to reach out to me.

 

EDIT: Running LAMP stack on Xubuntu machine, phpMyAdmin is being utilized as well.

 

 

confirmation.php

signup.php

dbcon.php

Link to comment
Share on other sites

Attachments are rather annoying for us to work with. How about posting the parts of the code that have to deal with inserting (ie, the parts that aren't working)?

 How are attachments annoy for you to work with? Here you go!

  1 <?php
  2 include('header.php');
  3 require('dbcon/dbcon.php');
  4 
  5 if (isset($_POST['submitted'])) {
  6     $username = $_POST['username'];
  7     $password = $_POST['password']; // hash this thing later on...
  8     $email = $_POST['email_address'];
  9 
 10     $sqlinsert = "INSERT INTO profile0 ('username', 'password', 'email_address') VALUES ('$username', '$password', '$email')";
 11     mysqli_query($sqlinsert);
 12 
 13 
 14 
 15 }
 16 ?>

Link to comment
Share on other sites

Here's a "Pro" tip for you. There is no need for, and many possible issues with closing out your php scripts with the closing tag

 

?>
I would suggest you delete those from your files.

 

We don't know what the problem is without some information from you. The obvious problem I see is that you do not check for errors after your insert, and you are using the procedural mysqli_* functions incorrectly because you are not passing a mysqli link parameter.

 

 

Beyond that the SQL does not look incorrect, but any issue with either the database connection or the names of columns, constraints etc. could cause your query to fail.

 

Since you don't check here, I expect you also don't check to see if your connection works. Take a look at the mysqli::query page: http://php.net/manual/en/mysqli.query.php

 

For example:

 

if (TRUE === mysqli_query($conn, $sqlinsert)) {
    echo "Inserted.";

} else {
    echo "Error: " . mysqli_error($conn);
}
Link to comment
Share on other sites

Here's a "Pro" tip for you. There is no need for, and many possible issues with closing out your php scripts with the closing tag

 

?>
I would suggest you delete those from your files.

 

We don't know what the problem is without some information from you. The obvious problem I see is that you do not check for errors after your insert, and you are using the procedural mysqli_* functions incorrectly because you are not passing a link

parameter.

 

 

Beyond that the SQL does not look incorrect, but any issue with either the database connection or the names of columns, constraints etc. could cause your query to fail.

 

Since you don't check here, I expect you also don't check to see if your connection works. Take a look at the mysqli::query page: http://php.net/manual/en/mysqli.query.php

 

For example:

 

if (TRUE === mysqli_query($conn, $sqlinsert)) {
    echo "Inserted.";

} else {
    echo "Error: " . mysqli_error($conn);
}

 

I check the connection in another file/some code that is not presented. Here's the code for the connection to the database:

  1 <?php
  2 $servername   = "localhost";
  3 $database = "soapbox";
  4 $username = "root";
  5 $password = "1234";
  6 
  7 // Create connection
  8 $conn = mysqli_connect($servername, $username, $password, $database);
  9 mysqli_select_db($conn, $database);
 10 /*if (!$conn) {
 11     die("Connection failed: " . mysqli_connect_error());
 12 } else {
 13     echo "Connection successful!";
 14 }
 15 
 16 if (!mysqli_select_db($conn, $database)) {
 17     echo " Database not selected!";
 18 } else {
 19     echo " Database selected!";
 20 }*/
 21 ?>
~     

I am not sure what else it could be really. What do you mean by this? "We don't know what the problem is without some information from you. The obvious problem I see is that you do not check for errors after your insert, and you are using the procedural mysqli_* functions incorrectly because you are not passing a link

parameter."

Link to comment
Share on other sites

Did you look at the code I provided and check what is different from your code?

 

Look at the manual page I linked. Note that the 1st parameter needs to be the mysqli connection handle aka 'link'.

 

I fixed the problem for you in the code I provided.

Link to comment
Share on other sites

Did you look at the code I provided and check what is different from your code?

 

Look at the manual page I linked. Note that the 1st parameter needs to be the mysqli connection handle aka 'link'.

 

I fixed the problem for you in the code I provided.

 

Yes I did check what was different. I added the first parameter. Still nothing... And remove the closing tags? Why?

Link to comment
Share on other sites

Closing tags can inject whitespace accidentally that causes output breaking sessions and other things. Without the end tags, PHP cleans up those problems for you.

 

In your dbconn.php remove the comments around the error checking. Are you actually getting a connection or an error?

Link to comment
Share on other sites

Closing tags can inject whitespace accidentally that causes output breaking sessions and other things. Without the end tags, PHP cleans up those problems for you.

 

In your dbconn.php remove the comments around the error checking. Are you actually getting a connection or an error?

 

Well wouldn't that mess up the visual look of the page, say if you've got php at the top, html in the middle, and php at the bottom? I tried it and it did not work for me.

I am indeed getting a connection, no errors are being thrown. Everything goes through, but there's no data being inserted into the database, it is very weird.

Link to comment
Share on other sites

No it doesn't mess up the look of anything to not have end tags. It is not relevant to the problems you are having, but it's a best practice with professional PHP.

 

It's part of PSR-2 which you can look at here: http://www.php-fig.org/psr/psr-2/

 

If you follow those standards and recommendations your code will also be easy to read.

 

At any rate, did you also provide the code I offered up around the insert? This can help you debug if there is a SQL issue with the Insert itself.

 

Feel free to post snippets of the current insert code you have. Also, are you using something like firebug to insure that the form is submitting where you think it is, and you are getting a valid HTTP response?

Link to comment
Share on other sites

"No it doesn't mess up the look of anything to not have end tags. It is not relevant to the problems you are having, but it's a best practice with professional PHP."

 

"The closing ?> tag MUST be omitted from files containing only PHP." - From PSR-2 Coding Style Guide - PHP-FIG under Files 2.2

 

The confirmation.php script is not PHP only. As for some of the others, they would benefit from removing the PHP end tag.

 

CONFIRMATION.PHP

 <?php
  2 include('header.php');
  3 require('dbcon/dbcon.php');
  4 
  5 if (isset($_POST['submitted'])) {
  6     $username = $_POST['username'];
  7     $password = $_POST['password']; // hash this thing later on...
  8     $email = $_POST['email_address'];
  9 
 10     $sqlinsert = "INSERT INTO profile0 ('username', 'password', 'email_address') VALUES ('$username', '$password', '$email')";
 11     mysqli_query($conn, $sqlinsert);
 12 
 13     if (TRUE === mysqli_query($conn, $sqlinsert)) {
 14         echo "Inserted.";
 15 
 16     } else {
 17         echo "Error: " . mysqli_error($conn);
 18     }
 19 }       
 20 ?>
 21 
 22 <!DOCTYPE html>
 23     <html>
 24         <head>
 25             <title>soapbox - confirmation</title>
 26         </head>
 27 
 28         <body>
 29             <br>
 30             <?php echo "The data provided has been sent to the server and is being inserted into the database.
 31                         In order to complete the process $username, we need you to confirm your account.
 32                         We have sent you an email at $email, the provided email upon signing up for an account.
 33                         Thank you and cheers! - dbk"
 34             ?>
 35         </body>
 36     </html>

SIGNUP.PHP

  1 <?php include('header.php'); ?>
  2 
  3 <!DOCTYPE html>
  4 <html>
  5     <head>
  6         <title>soapbox - sign up</title>
  7     </head>
  8 
  9     <body>
 10         <form action="confirmation.php" method="POST">
 11             <br> Username: <br>
 12             <input type="text" name="username" maxlength="26" placeholder="Username">
 13 
 14             <br> Password: <br>
 15             <input type="password" name="password" maxlength="26" placeholder="Password">
 16 
 17             <br> Email Address: <br>
 18             <input type="email" name="email_address" placeholder="Email Address">
 19 
 20             <br>
 21             <input type="submit" value="Submit">
 22         </form>
 23     </body>
 24 
 25 <!--Include footer later on -->
 26 </html>

DBCON.PHP

  1 <?php
  2 $servername   = "localhost";
  3 $database = "soapbox";
  4 $username = "root";
  5 $password = "1234";
  6 
  7 // Create connection
  8 $conn = mysqli_connect($servername, $username, $password, $database);
  9 mysqli_select_db($conn, $database);
 10 if (!$conn) {
 11     die("Connection failed: " . mysqli_connect_error());
 12 } else {
 13     echo "Connection successful!";
 14 }
 15 
 16 if (!mysqli_select_db($conn, $database)) {
 17     echo " Database not selected!";
 18 } else {
 19     echo " Database selected!";
 20 }
 21 ?>

"Also, are you using something like firebug to insure that the form is submitting where you think it is, and you are getting a valid HTTP response?"

 

Nope, I am using plain old vim. I believe I am indeed getting a valid HTTP response. The server is up and running, no problems of that sort.

Link to comment
Share on other sites

The problem is your code is looking for POST submitted in order to work and it doesn't exist. You are improperly hoping the name of a button will be submitted in order for your script to work. You need to be checking the REQUEST METHOD instead.

 

Do not create variables for nothing.

 

NEVER EVER put variables in your query. You need to use Prepared Statements.

 

Do not output internal system errors to the user.

 

I recommend you use PDO.

https://phpdelusions.net/pdo

Link to comment
Share on other sites

The problem is your code is looking for POST submitted in order to work and it doesn't exist. You are improperly hoping the name of a button will be submitted in order for your script to work. You need to be checking the REQUEST METHOD instead.

 

Do not create variables for nothing.

 

NEVER EVER put variables in your query. You need to use Prepared Statements.

 

@benanamen Ah, I thought it would be a simple problem. I feel stupid, but thank you. I will use the request method. However, if you use POST with an input instead of a button it will give you problems from what I understand, yeah? I hope that made sense. I rush and post without giving myself time to properly organize my thoughts.

Link to comment
Share on other sites

 

I didnt say dont use a button. I said dont check for it for the script to work.

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
//Process form
}

 

Like this?

  5  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  6     $username = $_POST['username'];
  7     $password = $_POST['password']; // hash this thing later on...
  8     $email = $_POST['email_address'];
  9 
 10     $sqlinsert = "INSERT INTO profile0 ('username', 'password', 'email_address') VALUES ('$username', '$password', '$email')";
 11     mysqli_query($conn, $sqlinsert);
 12 }  
Link to comment
Share on other sites

Yes. Now just stop creating variables for nothing. You already have the POST variables, just use them. Next, you need to get the variables out of the query and use Prepared Statements.

 

Creating variables for nothing? I thought they served a purpose, keep me from re-typing. This is very frustrating, nothing is being inserted into the database.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.