0

==> index.php:

<form action="anotherpage.php" method="POST"/>
<br>Username: <input type="text" name="user_name"><br><br>
Password: <input type="password" name="pwd"><br><br>
Repeat:   <input type="password" name="pwd2"><br><br>
<input type="radio" name="sex" value="male">Male<br>
<input type="radio" name="sex" value="female">Female<br><br>
<input type="submit" value="Submit">
</form>

This is my index.php and I created an "anotherpage.php".

==> anotherpage.php

<?php

define('DB_NAME', 'test');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
    die('Could not connect: '. mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
    die('Can\'t use '.DB_NAME.': '.mysql_error());
}

echo 'Connected successfully!<br>';

$username = mysql_real_escape_string($_POST['user_name']);
$password = mysql_real_escape_string($_POST['pwd']);
$sexuality = mysql_real_escape_string($_POST['sex']);

$sql = "INSERT INTO users (username, password, sexuality) VALUES ('".$username."','".$password."','".$sexuality."')";

if (!mysql_query($sql)) {
    die('Error: '. mysqli_error($con));
}

if(isset($_POST['user_name']) &&! empty($_POST['user_name']) && isset($_POST['pwd2']) &&! empty($_POST['pwd2']) && isset($_POST['pwd']) &&! empty($_POST['pwd']) && isset($_POST['sex']) &&! empty($_POST['sex']) or die('PART\'S ARE NOT FILLED!')) 
{
    $user_name = $_POST['user_name'];
    $user_name_up = strtoupper($user_name);
    $pwd = $_POST['pwd'];
    $pwd2 = $_POST['pwd2'];
    $sex = $_POST['sex'];

    $fp = fopen("formdata.txt", "a");
    $savestring = $user_name . "," . $pwd.",".$pwd2.",".$sex." - ";
    fwrite($fp, $savestring);
    fclose($fp);
}
if($pwd == $pwd2 or die('DIFFERENT PASSWORDS!'))
{
    echo $user_name_up.' ALL TAKEN!<BR>THANK YOU!!!<br><h1>You data has been saved!</h1>';
}


?>

I can save the input to database now. But the think is i want to do this think if my if statement comes true. Otherwise even if the passwords dont match i save the input to database. How can i do that?

If i change the place of my code i get an error.

MANY THANKS FROM NOW! :)

Improve this question
5
  • 1
    Well, you open a text file, write the data to the file and close it once you're sure everything is OK. php has file functions so I really can't understand where your problem is? Commented Jan 15, 2014 at 22:36
  • 1
    You might want to look into using a database such as MySQL. Commented Jan 15, 2014 at 22:40
  • 1
    Well, there's fwrite() and file_put_contents() that you could Google for. You're sure to find OODLES on Google ;-) Commented Jan 15, 2014 at 22:44
  • And while you're at it, check the flock function Commented Jan 15, 2014 at 23:00
  • WELL GUYS THANK YOU! I FOUND OUT HOW TO SAVE THEM TO A FILE, NOW THE PROBLEM IS THAT I CANT SAVE TO DATABASE... :D EDITED POST! WAITING FOR COMMENTS... Commented Jan 16, 2014 at 0:18

1 Answer 1

Reset to default
1

Please be aware of sql injections, please read the treat How can I prevent SQL injection in PHP?

The sql is misplaced, the part below must put into the same if statement as where you save the file. 

$sql = 'INSERT INTO users (username, password, sexuality) VALUES ("$_POST[user_name]","$pwd","$sex")';

if (!mysql_query($sql)) {
      die('Error: '. mysqli_error($con));
}

You have also change the quotes and add string concats to get it worked correctly 

$sql = "INSERT INTO users (username, password, sexuality) VALUES ('".$_POST['user_name']."','".$pwd."','".$sex."')";

if (!mysql_query($sql)) {
      die('Error: '. mysqli_error($con));
}

But be aware the code above is still unsafe, the code below is a little more safe

$username = mysql_real_escape_string($_POST['user_name']);
$password = mysql_real_escape_string($pwd);
$sexuality = mysql_real_escape_string($sex);

$sql = "INSERT INTO users (username, password, sexuality) VALUES ('".$username."','".$password."','".$sexuality."')";

Its not wise to save passwords directly into the database, please read the follow How to change a SALT password in a database using PHP?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.