Alex Probert - 1 month ago
HTML Question

PHP Register page is running, but not inputting into the database

I'm currently developing a register page using PHP.
It all seems to run OK, but the information is not being inputted into the database. I've been looking for hours but can't seem to find the issue.
Any help is appreciated.

<!DOCTYPE>
<html>
<head>
<title>Web App</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body style="background:lightblue;">
<div class="container">
<h1>Register</h1>
<form action="#" method="POST">
<div class="form-group">
<label for="email">Email address:*</label>
<input type="email" class="form-control" name="email" placeholder="Example@hotmail.co.uk" value="<?php if(isset($_POST['email'])) echo $_POST['email'];?>">
</div>
<div class="form-group">
<label for="fname">First Name:*</label>
<input type="text" class="form-control" name="fname" placeholder="John" value="<?php if(isset($_POST['fname'])) echo $_POST['fname'];?>">
</div>
<div class="form-group">
<label for="lname">Last Name:*</label>
<input type="text" class="form-control" name="lname" placeholder="Smith" value="<?php if(isset($_POST['lname'])) echo $_POST['lname'];?>">
</div>
<div class="form-group">
<label for="pwd">Password:*</label>
<input type="password" class="form-control" name="pwd1" placeholder="*********" value="<?php if(isset($_POST['pwd1'])) echo $_POST['pwd1'];?>">
</div>
<div class="form-group">
<label for="pwd">Re-Enter Password:*</label>
<input type="password" class="form-control" name="pwd2" placeholder="*********" value="<?php if(isset($_POST['pwd2'])) echo $_POST['pwd2'];?>">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</div>
<?php

if($_SERVER['REQUEST_METHOD'] =='POST'){

require('connect.php');
$error = false;

//email
if(isset($_POST['email'])){
$email = mysql_real_escape_string(trim($_POST['email']));
}
else{
echo'please enter your email address';
$error = true;
}

//first name
if(!isset($_POST['fname'])){
$fname = mysql_real_escape_string(trim($_POST['fname']));
}
else{
echo'please enter your first name';
}

//last name
if(isset($_POST['fname'])){
$lname = mysql_real_escape_string(trim($_POST['lname']));
}
else{
echo'please enter your last name';
$error = true;
}

//password
if(isset($_POST['pwd2'])){

if(!empty($_POST['pwd2'])){

if ($_POST['pwd1'] != $_POST['pwd2']){

echo'Passwords do not match';
$error = true;

}
else{

$pwd = mysql_real_escape_string(trim($_POST['pwd1']));

}
}
else{

echo'Please enter your password';
$error = true;

}
}
else{

echo'please enter your password';
$error = true;

}

if (!$error){

$query = "INSERT INTO Login (Email, Firstname, Lastname, Password) VALUES ('$email', '$fname', '$lname', SHA512('$pwd')";
$results = mysql_query($query);

if (results){
header('Location: login.php');
}
else{
echo'Oops!';
}

mysql_close($db_connected);
exit();

}
}
?>
</body>
</html>

Answer

The reason this is failing is because you never connect to the database to begin with ($db_connection). In addition, MySQL does not have a SHA512() function which would cause your query to fail.


Little Bobby says your script is at risk for SQL Injection Attacks. Even escaping the string is not safe! SQL Injection! It's not just for breakfast any more!

Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy.

Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.
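
The following is an added example, not code from the question or the answer, showing the registration insert done the way the answer recommends: a PDO prepared statement for the `Login` table and `password_hash()` on the unmodified password. The function name `registerUser` and the sample input are constructed for illustration, and the demo assumes the `pdo_sqlite` extension so it can run offline against an in-memory database; for MySQL only the DSN and credentials passed to `new PDO(...)` change.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validates the form fields, then inserts one row.
// Returns a list of error messages; an empty list means the row was stored.
function registerUser(PDO $db, array $post): array
{
    $errors = [];
    $email = trim((string)($post['email'] ?? ''));
    $fname = trim((string)($post['fname'] ?? ''));
    $lname = trim((string)($post['lname'] ?? ''));
    $pwd1  = (string)($post['pwd1'] ?? '');   // never trimmed or escaped
    $pwd2  = (string)($post['pwd2'] ?? '');

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) $errors[] = 'Please enter a valid email address';
    if ($fname === '') $errors[] = 'Please enter your first name';
    if ($lname === '') $errors[] = 'Please enter your last name';
    if ($pwd1 === '')        $errors[] = 'Please enter your password';
    elseif ($pwd1 !== $pwd2) $errors[] = 'Passwords do not match';
    if ($errors) return $errors;

    // Placeholders keep user data out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare(
        'INSERT INTO Login (Email, Firstname, Lastname, Password)
         VALUES (:email, :fname, :lname, :hash)'
    );
    $stmt->execute([
        ':email' => $email,
        ':fname' => $fname,
        ':lname' => $lname,
        ':hash'  => password_hash($pwd1, PASSWORD_DEFAULT), // salted, slow hash
    ]);
    return [];
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$db->exec('CREATE TABLE Login (Email TEXT PRIMARY KEY, Firstname TEXT, Lastname TEXT, Password TEXT)');

// Constructed input: a first name containing SQL metacharacters, a password with spaces.
$post = ['email' => 'bobby@example.com', 'fname' => "Robert'); DROP TABLE Login;--",
         'lname' => 'Tables', 'pwd1' => ' p@ss word ', 'pwd2' => ' p@ss word '];
$errors = registerUser($db, $post);
$row = $db->query('SELECT * FROM Login')->fetch(PDO::FETCH_ASSOC);

var_dump($errors === []);                                    // row accepted
var_dump($row['Firstname'] === $post['fname']);              // stored verbatim as data
var_dump(password_verify(' p@ss word ', $row['Password']));  // exact password verifies
var_dump(password_verify('p@ss word', $row['Password']));    // trimmed variant does not
```

With the error mode set to exceptions, a failed insert throws instead of passing silently, which addresses the "runs but nothing is stored" symptom from the question.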