php INSERT INTO users (username, email, password) VALUES (:usernamebox, :emailbox, :passwordbox)

[bee65]

Can someone tell me why my php code isn't inserting users into the database. My database is made and table is made. I created a register form so my visitors can register but im getting a blank page.

I has something to do with the following code

 

$statement = $connection->prepare('INSERT INTO users (username, email, password) VALUES (:usernamebox, :emailbox, :passwordbox)');
if($statement){
$result = $statement->execute([
':usernamebox' => $data['usernamebox'],
':emailbox' => $data['emailbox'],
':passwordbox' => $data['passwordbox'],
]);

if ($result) {
$_SESSION['messages'][] = 'Thanks for registering. Check your email to confirm your email';
header('Location: register.php');
exit;
}

 

Why is there the " : "  before the usernamebox

 

Heres how my form looks like

 

<form action="register-clicked.php" method="POST">
Username:
<input type="text" name="usernamebox" placeholder="Enter Username Here">
Email:
<input type="text" name="emailbox" placeholder="Enter email here">Password:
<input type="password" name="passwordbox" placeholder="Enter password here">
Confirm Password:
<input type="password" name="passwordconfirmbox" placeholder="Re-enter password here">
<input type="submit" name="submitbox" value="Press to submit">
</form>

[maxxd]

It's a prepared statement, hence the prepare() method called on the $connection object. It's the correct way to run a query in PHP these days, so well done! In the SQL statement passed to the prepare() method, the `:username`, `:emailbox`, and `:passwordbox` are placeholders in the query. When you pass an array to execute(), that array contains the values to use in those placeholders, so the ':username', ':emailbox', and ':passwordbox' there are keys for the array so that SQL knows which value to plug in to each placeholder.

Basically, using prepared statements blocks a potential avenue that hackers can use to attack your database or get your data. There are other benefits to prepared statements, but that's kind of the biggest and more pertinent for most systems.

Edited July 22, 2021 by maxxd
typo

[Psycho]

No way to tell from the code provided as to why you are getting a blank page. That code produces no output. It attempts to set a header value and then redirects to another page. I say "attempts" because I don't see any code where you actually start a session before trying to save a session value.

Part of coding is learning to debug. Rather than assuming your code works and redirecting to another page, try outputting to the page for BOTH the success condition and the error conditions. Then, based on those results you can then ad the additional code to redirect or whatever you want.

What does the following output?

if ($result) {
    //$_SESSION['messages'][] = 'Thanks for registering. Check your email to confirm your email';
    //header('Location: register.php');
    //exit;
    echo "Success saving record with the following values:<br>\n";
    echo "usernamebox: '{$data['usernamebox']}'<br>\n";
    echo "emailbox: '{$data['emailbox']}'<br>\n";
    echo "passwordbox: '{$data['passwordbox']}'<br>\n";
}
else
{
    echo "Error attempting to save record with the following values:<br>\n";
    echo "usernamebox: '{$data['usernamebox']}'<br>\n";
    echo "emailbox: '{$data['emailbox']}'<br>\n";
    echo "passwordbox: '{$data['passwordbox']}'<br>\n";
}

 

[bee65]

So i found out why it was not working. I forgot that i started to code but didn't finish the part where it checks if a user already exists in the database. I deleted that part and my program is now working.

So stupid of me.

Thank you both for the help. Im learning off a tutorial website but there doesn't seem to be support and maybe an error or 2

 

This is what my session and final register looks like

<?php


session_start();



$data = $_POST;

if( empty($data['usernamebox']) ||
    empty($data['emailbox']) ||
    empty($data['passwordbox']) ||
    empty($data['passwordconfirmbox'])) {

    $_SESSION['messages'][] = 'Please fill all required fields';
    header('Location: register.php');
    exit;

}




if ($data['passwordbox'] !== $data['passwordconfirmbox']) {
    $_SESSION['messages'][] = 'Passwords do not match';
    header('Location: register.php');

    exit;
}


$dsn = 'mysql:dbname=marDatabase;host=localhost';
$dbUser='root';
$dbPassword= '';

try{
$connection = new PDO($dsn, $dbUser, $dbPassword);
} catch (PDOException $exception){
    $_SESSION['messages'][] = 'Connection failed: ' . $exception->getMessage();
    header('Location: register.php');
    exit;
}








$statement = $connection->prepare('INSERT INTO users (username, email, password) VALUES (:usernamebox, :emailbox, :passwordbox)');
if($statement){
    $result = $statement->execute([
            ':usernamebox' => $data['usernamebox'],
            ':emailbox' => $data['emailbox'],
            ':passwordbox' => $data['passwordbox'],
        ]);

if ($result) {
    $_SESSION['messages'][] = 'Thanks for registering. Check your email to confirm your email';
    header('Location: register.php');
    exit;
}


}

?>

<?php
session_start();
if (empty($_SESSION['messages'])){
    return;
}
$messages = $_SESSION['messages'];
unset($_SESSION['messages']);
?>
<ul>
<?php
foreach ($messages as $message):
?>
<li>
<?php
echo $message;
?>
</li>
<?php
endforeach; 
?>
</ul>