Joshua Joshua - 29 days ago 7
MySQL Question

Why isn't my PHP code posting to my SQL-Database?

I am pretty sure that I don't have any errors, however, when I submit the from, I don't get a "Success" like I should when my submission is successful. The connect.php is the php file that connects to my database, and I don't get any errors from that, so I know that I am connected to my database and the header.php is the header. Nothing that would cause any errors in there. And the footer is the same thing. I know that I am connected to my database because I got an error before when I was testing my code, however, now I don't get any errors, or a "Success".

Here is my attempt:

<?php
//signup.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign up</h3>';
echo '<form method="post" action="">
Username: <input type="text" name="user_name" />
Password: <input type="password" name="user_pass">
Password again: <input type="password" name="user_pass_check">
E-mail: <input type="email" name="user_email">
<input type="submit" value="sign up" />
</form>';
if($_SERVER['REQUEST_METHOD'] === 'POST') {

$fixed_user_name = $database_connection->real_escape_string($_POST['user_name']);
$fixed_user_email = $database_connection->real_escape_string($_POST['user_email']);
$now = NOW();

$sql = "INSERT INTO users (user_name, user_pass, user_email)
VALUES ($fixed_user_name, $_POST['user_pass'], $fixed_user_email)";

if($database_connection->query($sql) === TRUE){
echo "Success";
}
else {
echo "Error: " . $sql . "<br>" . $database_connection->error;
}
}

include 'footer.php';
?>


Here is my connect.php file, as well:

<?php
//connect.php
$username = 'root';
$password = "root_password";
$database = 'cloud';

$database_connection = new mysqli("localhost", $username, $password, $database);

if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}

echo $mysqli->host_info . "\n";

?>

Answer

here's a more secure way to your script with password_hash() and prepared-statements:

signup.php

<?php
//signup.php

#include "connect.php"; // set $servername, $username, $password and $dbname there

include 'header.php';

// changed here the '' to "" and back
echo "<h3>Sign up</h3>".
    "<form method='post' action=''>
        Username: <input type='text' name='user_name' />
        Password: <input type='password' name='user_pass'>
        Password again: <input type='password' name='user_pass_check'>
        E-mail: <input type='email' name='user_email'>
        <input name='submit' type='submit' value='sign up' />
     </form>";

if(isset($_POST["submit"])) {

    include "connect.php";

    // set the user_name and user_email as a seperate variable
    $username = $_POST["user_name"];
    $email = $_POST["user_email"];
    $password = $_POST["user_pass"];
    $cpassword = $_POST["user_pass_check"];

    $fixed_user_name = mysqli_real_escape_string($conn, $username);

    $fixed_user_email = mysqli_real_escape_string($conn, $email);

    #$now = NOW();

    //check if password is not cpassword and if so, there is an error
    if ($password !== $cpassword) {
        echo "Passwords do not match!";
    }

    //NEVER store PLAINTEXT PASSWORDS... user php build_in functions like password_hash() and store only the hash
    $hash = password_hash($password, PASSWORD_DEFAULT);

    //change your db_entry user_pass to hash
    $sql = $conn->prepare("INSERT INTO users (user_name, hash, user_email) VALUES (?, ?, ?)");
    $sql->bind_param("sss", $fixed_user_name, $hash, $fixed_user_email);
    $sql->execute();

    echo "Success!";

    $sql->close();
    $conn->close();

}
include 'footer.php';
?>


connect.php

<?php
//connect.php
$servername = "localhost";
$username   = "root";
$password   = "root_password";
$dbname   = "cloud";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
?>

explanation is in the script with comments :)

have a look at php.net manual for password_hash() function

maybe this helped you