php INSERT INTO MySQL not working

Question

I 've been struggling with this one for a couple of days and since this is my first project using PHP it's kinda hard to figure it out by myself.I rewrote my code with the help from other threads but I still can't find the solution.

So, I want to make a simple user registration.I get the user's input from this form , which is included in registration_page.html, the code is this:

<form id="registerForm" action="http://localhost//register.php" method="post">
  <fieldset align="center">
    <legend id="legendText">Register</legend>
    <p>Name:
      <input type="text" name="fname" value="" required autofocus maxlength="16"></p>
    <p>Last name:
      <input type="text" name="lname" value="" required maxlength="16"></p>
    <p>E-mail:
      <input type="email" name="mail" value="" placeholder="@mail.com" maxlength="32" required></p>
    <p>Age:
      <input type="number" name="age" value="" maxlength="2" max="99" maxlength="2" size="2" min="1" required></p>
    <p>Job:
      <input type="text" name="job" value="" maxlength="16" required></p>
      <table align="center" id="registerPwdAndUsrTable" border="1" width="30%">
        <tr>
          <td>
            <p>Username:
              <input type="text" name="username" value="" required  maxlength="16"></p>
          </td>
          <td>
            <p>Password:
              <input type="password" name="password" value="" required  maxlength="16"></p>
          </td>
        </tr>
      </table>
      <input form="registerForm" type="Submit" value="Εγγραφή">
      <input form="registerForm" type="Reset" value="Ακύρωση">
  </fieldset>
</form>

After submitting the form the php script that is called is register.php (as you see in the action=" " my script is handled by the server ). Now,the register.php is:

register.php

<!Doctype html>
<html>
<head>
  <meta charset="utf-8"><!--characters recognised-->
  <title>Register</title>
<style>

body{
  background-image: url(my_images//background_homepage.jpg);
  background-repeat: no-repeat;
  background-size:cover;
}
</style>
</head>
<body>

<?php
  extract( $_POST );//superglobal variable

if( isset($_POST['submit'] ) ) {

  print_r($_POST);

  //Getting the variables from 'registerForm' ++  /* checking if user inputs are set */
  $first_name = (isset($_POST['fname'])) ? $_POST['fname'] : NULL;
  $last_name = (isset($_POST['lname'])) ? $_POST['lname'] : NULL;
  $age = (isset($_POST['age'])) ? $_POST['age'] : NULL;
  $job = (isset($_POST['job'])) ? $_POST['job'] :NULL;
  $email = (isset($_POST['mail'])) ? $_POST['mail'] : NULL;
  $username = (isset($_POST['username'])) ? $_POST['username'] : NULL;
  $password = (isset($_POST['password'])) ? $_POST['password'] : NULL;

//INSERT INTO Query Creation
$sqlQuery = "INSERT INTO registered_user ( age,email,fname,job,lname,password,username )
 VALUES ('$age','$email','$first_name','$job','$last_name','$password','$username')";

//MySQL connection
if( !( $database = mysql_connect( "localhost","root","" ) ) )//server name , a username , password
  die( "Couldn't connect to DB </body></html>" );//if false --> script gets terminated

//Opening database "htmlproject"
if( !mysql_select_db("htmlproject",$database) )//Database to be used , htmlproject
  die( "Couldnt open htmlproject db </body></html>" );

//Query
mysql_query( $sqlQuery, $database);
if( !( $result = mysql_query( $sqlQuery, $database) ) )
{
  print( "failed query! <br />" );
  die( mysql_error() . "</body></html>" );
}else{
  print("success query!");
}//end if

//Free resources
mysql_close( $database );

}//end ifisset
?><!--end php script.To be executed by server-->

<script type="text/javascript">//registration completed
var r=window.confirm("registration completed");
if( r == true){
  document.location.href = "HOMEPAGE.html";
}else{
    document.location.href = "HOMEPAGE.html";
}
</script>

</body>
</html>

So my problem is that the INSERT INTO registered_user... doesn't work.I don't get an entry to my database, nothing. I am using XAMPP and the table is this:

registered_user table SQL script

Little Bobby says your script is at risk for SQL Injection Attacks.. Even escaping the string is not safe! — Jay Blanchard
– Jay Blanchard, Commented Jun 23, 2016 at 18:25
Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy. — Jay Blanchard
– Jay Blanchard, Commented Jun 23, 2016 at 18:25
Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. — Jay Blanchard
– Jay Blanchard, Commented Jun 23, 2016 at 18:26
WARNING: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. This has many dangerous SQL injection vulnerabilities since you didn’t properly escape values. This code allows anyone to get anything from your site. DO NOT write your own authentication system. Any development framework like Laravel comes with an authentication system built-in. — tadman
– tadman, Commented Jun 23, 2016 at 18:29
@JayBlanchard I'm slowly wearing out my V key by pasting that on to so many answers, but it's got to be said. This stuff is crazy hard to get perfectly correct, and anything less than that exposes your users to huge risks. Code like this is why the hall of shame keeps getting bigger on a daily basis, so don't think I'm over-reacting here. Thanks for helping with warnings and advice. Every bit counts! — tadman
– tadman, Commented Jun 23, 2016 at 18:34

Community · Accepted Answer · 2017-05-23 11:44:16Z

4

You never, ever define 'submit'. You don't have a form element with that name. Therefore this:

if( isset($_POST['submit'] ) ) {

will fail every time. You're not outputting any error messages, have you checked your error logs? You're making an assumption the queries are working. Add error reporting to the top of your file(s) right after your opening <?php tag error_reporting(E_ALL); ini_set('display_errors', 1); Add error checking, such as or die(mysql_error()) to your queries. Or you can find the issues in your current error logs. Error checking will reveal $_POST['submit'] is undefined.

In addition:

Little Bobby says your script is at risk for SQL Injection Attacks.. Even escaping the string is not safe!

Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy.

Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.

edited May 23, 2017 at 11:44

CommunityBot

11 silver badge

answered Jun 23, 2016 at 18:27

Jay Blanchard

34.5k17 gold badges82 silver badges130 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

kunruh Over a year ago

Just to clarify for John here, you need to add name="submit" attribute to your Submit input. I know this answer is probably sufficient for most people to understand that, but it sounds like you are fairly new to submitting forms so I just wanted make sure it's clear. Though you do specify type="submit", it also needs a name to be referenced within the $_POST array.

Yiannr Over a year ago

This was the error that prevented my entries to be submitted.

Collectives™ on Stack Overflow

php INSERT INTO MySQL not working

1 Answer 1

2 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

2 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related