Jump to content
#FlattenTheCurve ×
Sign in to follow this  
zestyy99

PHP query to insert data into mysql database

Recommended Posts

I have been creating a registration system, and my code will not insert the fields: "firstname", "lastname", "email", "username" into my database however it will insert the hashed password into my database. I think the problem might have something to do with the for loop, but to me it seems like it should work.

<?php


if (isset($_POST['submit'])){
    require_once 'config.php';
        $hashed_password = password_hash($_POST["password"], PASSWORD_DEFAULT);
        $fields = ['firstname', 'lastname', 'email', 'username'];
        $escaped_values = [];
        foreach($fields as $field){
            $escaped_values[$field] = mysqli_real_escape_string($connect, $_POST['$field']);
        }
        $sql = "INSERT INTO users (firstname, lastname, email, username, password) VALUES ('{$escaped_values["firstname"]}', '{$escaped_values["lastname"]}', '{$escaped_values["email"]}', '{$escaped_values["username"]}', '$hashed_password')";
        mysqli_query($connect, $sql);
        // send email
        $emailRecipient = $_POST["email"];
        $subject = 'Welcome!';
        $message_body = 'You have successfully created an account ' . $_POST["username"] . '! Welcome.';
        mail($emailRecipient, $subject, $message_body);
}
?>
Edited by zestyy99

Share this post


Link to post
Share on other sites

You should be getting errors, check your query as it has problems with single and double quotation marks; better still would be to change it to prepared statements.

INSERT INTO users (firstname, lastname, email, username, password) VALUES (?, ?, ?, ?, ?);

Share this post


Link to post
Share on other sites

Hello, 

 

 

This line is off: 

 $escaped_values[$field] = mysqli_real_escape_string($connect, $_POST['$field']);

You don't want to pass in a variable into single quotation marks.  It looks like you would like to just do: 

$escaped_values[$field] = mysqli_real_escape_string($connect, $_POST[$field]);
Edited by pwntastic

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.