Darcey Mckelvey Darcey Mckelvey - 7 months ago 25
SQL Question

When I register it says the login message but the data isn't going to the database

I took a look at this posted question: I am getting no errors but the data is not going into the database on wamp but I did use mysqli for my code.

Here is my code:

<?php
include( "includes/header.php" );
error_reporting(E_ALL); ini_set('display_errors', '1');
$register = $_POST['register'];
//declaring variables needed for the registration form to prevent errors
$fname = "";
$lname = "";
$uname = "";
$email = "";
$email2 = "";
$password = "";
$password2 = "";
$signup_date = "";
$username_check = ""; // check if username exists
//assigning variables from the registration form
$fname = strip_tags($_POST['fname']);
$lname = strip_tags($_POST['lname']);
$uname = strip_tags($_POST['uname']);
$email = strip_tags($_POST['email']);
$email2 = strip_tags($_POST['email2']);
$password = strip_tags($_POST['password']);
$password2 = strip_tags($_POST['password2']);
$signup_date = date("Y-m-d");

if ($register) {
if ($email == $email2) {
$username_check = mysqli_query("SELECT username FROM users WHERE username = '$uname'");
$row = mysqli_num_rows($username_check);
if ($row == 0) {
if ($fname&&$lname&&$uname&&$email&&$email2&&$password&&$password2) {
if ($password == $password2) {
if (strlen($uname)>25||strlen($fname)>25||strlen($lname)>25) {
echo "The maximum limit for username/first name/ last name is 25 characters!";
} elseif (strlen($password)>30||strlen($password)<5) {
echo "Your password must be between 5 and 30 characters long!";
} else {
$password = password_hash($password);
$password2 = password_hash($password2);
$query = mysqli_query('INSERT INTO users VALUES ("","$uname","$fname","$lname","$email","$password","$signup_date","0")');
die("<h2>Welcome to HackerBits</h2>Login to your account to get started . . . ");
}
} else {
echo "Your passwords don't match!";
}
} else {
echo "Please fill in all of the fields.";
}
} else {
echo "Username already taken . . . ";
}
} else {
echo "Your emails don't match!";
}
}
?>


I know it is messy, I am new to php, only 1 week in. So like I said it goes to the
die("<h2>Welcome to HackerBits</h2>Login to your account to get started . . . ");
part of the code with no errors. Then when I go to my database the user is not in the table. Which means I can then go back to the registration form and put in the same values.

Sorry if this is a bad question, new to stakeoverflow, just tell me and I will fix it up :) I can also give you more info if needed. I am using MAMP by the way.

I connect to the database with the included script:

<?php
$db = new mysqli('mysql:host=localhost;dbname=users_table', 'root', 'taken-out');
?>


Errors given:


Warning: mysqli_query() expects at least 2 parameters, 1 given in /Users/darceymckelvey/Desktop/php/social_network/index.php on line 27

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Users/darceymckelvey/Desktop/php/social_network/index.php on line 28

Warning: password_hash() expects at least 2 parameters, 1 given in /Users/darceymckelvey/Desktop/php/social_network/index.php on line 37

Warning: password_hash() expects at least 2 parameters, 1 given in /Users/darceymckelvey/Desktop/php/social_network/index.php on line 38

Warning: mysqli_query() expects at least 2 parameters, 1 given in /Users/darceymckelvey/Desktop/php/social_network/index.php on line 39


They are all warnings which I don't think are fatal because it still executes the code to display the login message.

I have tried these lines:

$username_check = mysqli_query($db, "SELECT username FROM users WHERE username = '$uname'");


but same warnings.

Answer

Look at what you're using here:

$db = new mysqli('mysql:host=localhost;dbname=users_table', 'root', 'taken-out');

That isn't the syntax to connect with here using the MySQLi_ API, that is PDO syntax.

Those are two different animals altogether.

Read the manual

Example taken from it:

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

So, replace $mysqli with the variable you're using in your query, and pass the db connection to that mysqli_query() function, as I said from the get go.

This besides all the other comments I left in your question and won't retype nor paste, so go over them all again.

Plus, make sure all your POST arrays contain values. Your HTML form is unknown.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

Yet, do read the following Q&A on Stack in regards to what I said about password manipulation:

And this one in Code review:

Comments