Joshua Joshua - 1 year ago 72
MySQL Question

Why isn't my PHP code posting to my SQL-Database?

I am pretty sure that I don't have any errors, however, when I submit the from, I don't get a "Success" like I should when my submission is successful. The connect.php is the php file that connects to my database, and I don't get any errors from that, so I know that I am connected to my database and the header.php is the header. Nothing that would cause any errors in there. And the footer is the same thing. I know that I am connected to my database because I got an error before when I was testing my code, however, now I don't get any errors, or a "Success".

Here is my attempt:

include 'connect.php';
include 'header.php';

echo '<h3>Sign up</h3>';
echo '<form method="post" action="">
Username: <input type="text" name="user_name" />
Password: <input type="password" name="user_pass">
Password again: <input type="password" name="user_pass_check">
E-mail: <input type="email" name="user_email">
<input type="submit" value="sign up" />

$fixed_user_name = $database_connection->real_escape_string($_POST['user_name']);
$fixed_user_email = $database_connection->real_escape_string($_POST['user_email']);
$now = NOW();

$sql = "INSERT INTO users (user_name, user_pass, user_email)
VALUES ($fixed_user_name, $_POST['user_pass'], $fixed_user_email)";

if($database_connection->query($sql) === TRUE){
echo "Success";
else {
echo "Error: " . $sql . "<br>" . $database_connection->error;

include 'footer.php';

Here is my connect.php file, as well:

$username = 'root';
$password = "root_password";
$database = 'cloud';

$database_connection = new mysqli("localhost", $username, $password, $database);

if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;

echo $mysqli->host_info . "\n";


Answer Source

here's a more secure way to your script with password_hash() and prepared-statements:



#include "connect.php"; // set $servername, $username, $password and $dbname there

include 'header.php';

// changed here the '' to "" and back
echo "<h3>Sign up</h3>".
    "<form method='post' action=''>
        Username: <input type='text' name='user_name' />
        Password: <input type='password' name='user_pass'>
        Password again: <input type='password' name='user_pass_check'>
        E-mail: <input type='email' name='user_email'>
        <input name='submit' type='submit' value='sign up' />

if(isset($_POST["submit"])) {

    include "connect.php";

    // set the user_name and user_email as a seperate variable
    $username = $_POST["user_name"];
    $email = $_POST["user_email"];
    $password = $_POST["user_pass"];
    $cpassword = $_POST["user_pass_check"];

    $fixed_user_name = mysqli_real_escape_string($conn, $username);

    $fixed_user_email = mysqli_real_escape_string($conn, $email);

    #$now = NOW();

    //check if password is not cpassword and if so, there is an error
    if ($password !== $cpassword) {
        echo "Passwords do not match!";

    //NEVER store PLAINTEXT PASSWORDS... user php build_in functions like password_hash() and store only the hash
    $hash = password_hash($password, PASSWORD_DEFAULT);

    //change your db_entry user_pass to hash
    $sql = $conn->prepare("INSERT INTO users (user_name, hash, user_email) VALUES (?, ?, ?)");
    $sql->bind_param("sss", $fixed_user_name, $hash, $fixed_user_email);

    echo "Success!";


include 'footer.php';


$servername = "localhost";
$username   = "root";
$password   = "root_password";
$dbname   = "cloud";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);

explanation is in the script with comments :)

have a look at manual for password_hash() function

maybe this helped you

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download