
I am working on a website where you can register. Now I am aware that when handling user input you must use prepared statements.

Now my problem. On this registration form when I try to register the query does not execute but I don't get any errors either. I have tried back ticks in the query, no back ticks. But to no avail (otherwise I would not ask the question :P).

Could someone say if I am using the right way to check if the query was successful or not?

Here is the HTML form:

<form id="register" action="Register.php" name="register" method="post">

     <table>
            <tr>
                <td>
                    <label id="lblUsername">Username</label>
                </td>
                <td>
                    <input type="text" id="txtUsername" name="username" required>
                </td>
            </tr>
            <tr>
                <td>
                    <label id="lblEmail">Email</label>
                </td>
                <td>
                    <input type="text" id="txtEmail" name="email" required>
                </td>
            </tr>
            <tr>
                <td>
                    <label ID="lblPass">Password</label>
                </td>
                <td>
                    <input type="password" name="password" ID="txtPassword" required>
                </td>
            </tr>
            <tr>
                <td>
                    <label ID="lblConfPass">Herhaal password</label>
                </td>
                <td>
                    <input type="password" name="confpass" ID="txtconfpass" required>
                </td>
            </tr>

            <tr>
                <td><label id="lblVnaam">Voornaam:</label></td>
                <td><input name="vnaam" type="text" required></td>
            </tr>
            <tr>
                <td><label id="lblAnaam">Achternaam:</label></td>
                <td><input name="anaam" type="text" required></td>
            </tr>    
        </table>
        <input type="submit" name="submit" value="Registreren" required>
        <br />
</form>

Here is the PHP part:

<?php
error_reporting(E_ALL);
ini_set('display_errors', -1);

if(isset($_POST['submit']))
{

$host = "localhost";
$username = "root";
$password = "password";
$dbname = "mijnwebsite";

$conn = new mysqli($host,$username,$password,$dbname);


if($conn->connect_errno)
{
    die('Unable to connect to the database. [' . $conn->connect_error . ']');
}



$errors = array();
$data = array();
$fname = $_POST['vnaam'];
$lname = $_POST['anaam'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$confpass = $_POST['confpass'];
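// crypt() without an explicit salt produces a weak hash (E_NOTICE as of PHP 5.6);
// password_hash(), native from PHP 5.5 or via password_compat, picks a strong one.
$password_hash = crypt($password);

$stmt = $conn->prepare("INSERT INTO `User`(`Fname`, `Lname`, `Email`, `Username`, `Password`) VALUES(?,?,?,?,?)");

// prepare() returns false when the SQL is invalid (wrong table or column name,
// unbalanced back tick); stop here instead of calling bind_param() on false.
if($stmt === false)
{
    die('Unable to prepare the query. [' . $conn->error . ']');
}

$stmt->bind_param("sssss", $fname, $lname, $email, $username, $password_hash);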

if(!$stmt->execute())
{
    die("Kon query niet uitvoeren. " . $stmt->error);
}
else
{
    echo '<script type="text/javascript">alert ("Registratie gelukt! klik op oke om door te gaan.");</script>'; 
}

}

?>

Note: I am going to validate the input but right now I just want to be able to insert.

Thank you guys in advance. Also if there are things that need to be added please leave a comment.

Edit: I have changed the error reporting. That was the reason I didn't get any errors back. The error I got back was:

Fatal error: Call to undefined function password_hash() in /var/www/Register.php on line 140

Edit 2: As per Fred -ii-'s answer, I will hereby post my DB structure: dbstructure

Edit 3: Now that I added the back tick to the end of Username when preparing the query and I added this if(!$stmt->execute()){trigger_error("There was an error....".$conn->error, E_USER_WARNING);} I get a different error.

Fatal error: Call to a member function bind_param() on a non-object in /var/www/Register.php on line 146

Note 4: I have updated the code to match the answer of @Fred-ii- and what is working right now. I want to thank everybody who has taken time out of their day to help me out.

Comments

  • "I don't get any errors either", are you looking for errors? Take a look at error_reporting(-1);, mysqli_error and mysqli_stmt_error Commented Jan 2, 2016 at 14:54
  • Change display_error to display_errors. Commented Jan 2, 2016 at 14:54
  • `Username, is missing its end! Commented Jan 2, 2016 at 15:13
  • @ChrisG ah good catch on that! I'll make an edit to my answer with credit to you. Commented Jan 2, 2016 at 15:14
  • @ChrisG Thank you mate, I am wondering how I missed that; I checked the query like 3 times. I will update on this matter. Commented Jan 2, 2016 at 15:17

1 Answer

As per your error in an edit.

Fatal error: Call to undefined function password_hash() in /var/www/Register.php on line 140

There you go. Your version of PHP doesn't support the function. You need to use the password compatibility pack.

https://github.com/ircmaxell/password_compat

You can also look into using crypt() http://php.net/manual/en/function.crypt.php

  • Make sure that the password column is long enough to hold the hash. A safe bet is VARCHAR(255).

You also have (had) a typo in display_error; it needs to be display_errors with an "s" (which you have now edited in your question). https://stackoverflow.com/posts/34567204/revisions

As per the manual http://php.net/manual/en/function.error-reporting.php

Edit:

As per Chris G's comment, you have a missing tick for the Username column in

(`Fname`, `Lname`, `Email`, `Username, `Password`)
                                     ^ right there.

Kudos to Chris

(`Fname`, `Lname`, `Email`, `Username`, `Password`)

Error checking on the query http://php.net/manual/en/mysqli.error.php would have signaled the error once you've gotten your code to work with the password hashing function that you are able to use.

However, I would replace

if(!$stmt->execute())

with

if(!$stmt->execute()){trigger_error("There was an error....".$conn->error, E_USER_WARNING);}

That may work better for you.

Edit #2:

Another thing I just noticed now; your column names in the query and your screenshot's column names do not seem to match in names.

  • voornaam and achternaam and whether they correspond to Fname and Lname in our query.

Error checking would have thrown you an error about column mismatch/non-existent, and/or the number of binds do not match.

Edit #3, taken from chat:

Your table is called User but your query's table is Users with an "s".

Screenshot: https://i.sstatic.net/YfNJY.jpg

Hence the error for:

Fatal error: Call to a member function bind_param() on a non-object in /var/www/Register.php on line 146

  • You chose the wrong table.

9 Comments

Oh yeah, of course, I didn't update that in the question; will update it right away.
@BRoebie I made a few more edits. One of which states to make sure the password column is long enough to hold the hash. Minimum required is 60, but 255 is better as per what PHP.net suggests to use.
@BRoebie yeah, Chris had that "Eagle Eye" on that one. Well, I think that once you've configured the compat pack or crypt(), you should be good to go.
@BRoebie it's because of the column names and I've made an edit about it in my answer near the bottom.
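
An added example, not part of the question or the answer above: one way to make the two failures found in this thread (the unbalanced back tick and the wrong table name, both of which make prepare() return false) stop at the failing call, with the password hashed by password_hash(). The helper name register_user and the failure message are assumptions; connection values, table and column names are the ones in the question.

```php
<?php
// Added example (not the asker's or the answerer's code).
// Report mode: mysqli throws mysqli_sql_exception instead of returning false,
// so a failed prepare() (wrong table name, unbalanced back tick) stops here
// rather than at "Call to a member function bind_param() on a non-object".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper; table and column names are the ones in the question.
// Returns false for incomplete input, true after a successful insert,
// and lets mysqli_sql_exception propagate on any database error.
function register_user(mysqli $conn, array $post)
{
    foreach (array('vnaam', 'anaam', 'email', 'username', 'password') as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return false;
        }
    }

    // Native from PHP 5.5; on older 5.3.7+ installs load password_compat first.
    $hash = password_hash($post['password'], PASSWORD_DEFAULT);

    $stmt = $conn->prepare(
        "INSERT INTO `User` (`Fname`, `Lname`, `Email`, `Username`, `Password`)
         VALUES (?, ?, ?, ?, ?)"
    );
    $stmt->bind_param("sssss", $post['vnaam'], $post['anaam'],
                      $post['email'], $post['username'], $hash);
    $stmt->execute();
    $stmt->close();
    return true;
}

if (isset($_POST['submit'])) {
    try {
        // Connection values as in the question.
        $conn = new mysqli("localhost", "root", "password", "mijnwebsite");
        $ok = register_user($conn, $_POST);
    } catch (mysqli_sql_exception $e) {
        // Detail goes to the server log, not into the HTTP response.
        error_log('Registration failed: ' . $e->getMessage());
        $ok = false;
    }
    echo $ok ? 'Registratie gelukt!' : 'Registratie mislukt.';
}
```

At login, the stored value is checked with password_verify(), which reads the algorithm and salt from the hash itself.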