Could some one tell me what's wrong with my code? PHP,MySQL,HTML [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist

Closed 8 years ago.

Improve this question

Could someone explain to me what's wrong with my registration page? The database connection is fine but when I check the table there aren't any new users.

My HTML

<form action="register.php" method="post">
<input type="text" name="username" placeholder="username"><br/>
<input type="password" name="password" placeholder="password"><br/>
<input type="text" name="email" placeholder="E-mail"><br/>
<input type="submit" value="Submit">
</form>

My PHP

<?php

$user_name = "mah user name";
$password = "mah password";
$database = "Peoples";
$server = "mysql6.000webhost.com";

$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;

if ($db_found) {

$SQL = "INSERT INTO users (username,password,email,registered) VALUES ($username, $password, $email,$registered)";

$result = mysql_query($SQL);

mysql_close($db_handle);

print "Records added to the database";

}
else {

print "Database NOT Found ";
mysql_close($db_handle);

}

function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}

Sorrry If there is too much code. ?>

Answer 1

I've had these problems before, it generally takes a little sussing as MySQL errors don't show up as PHP errors - and so aren't printed to the page. Personally I'd make use of MySQLi with PHP as it has greater support for several things, just do a google search if you want specifics, sometimes SQL can just need wrapping the table and database names in queries with ` characters (left of 1 key on windows keyboards)

Try using the following code instead:

<?php
    // Init databse connection
    $db_handle = new mysqli("mysql6.000webhost.com","username","password","Peoples") or die("Database connection error");

    // check connection
    if ($db_handle->connect_errno) {
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // Strip function for query string
    function test_input($data){
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    $username = test_input($_POST["username"]);
    $email = test_input($_POST["email"]);
    $password = $_POST["password"];
    $registered=0;

    // Try insert query, sometimes wrapping the table name in ` characters solves the issue - only use on database and table names not values
    if($result = $db_handle->query("INSERT INTO `users` (username,password,email,registered) VALUES ('$username','$password','$email','$registered');")) {
        echo 'Records added to the database';
        // free result set
        $result->close();
    }
    else {
        echo 'Database NOT Found';
    }

    $db_handle->close();
?>

Also it's good practice to unset($var); 's but to be honest if you're expecting little traffic it's nothing really to worry about.

If you are holding user data in your database, holding raw passwords can upset people and you really shouldn't do it in the event that data gets stolen from you and then you have to explain to all your users why someone is running around with the username and password they like to use for everything they login to.

You should use:

$password = hash('sha256',$_POST['password']);

And store that string, or any other hash variant you prefer - sha256 happens to be the one I like to use. When a user tries to login you should again hash the password they've provided and check it against the hash stored in your database.

And finally some users might prefer you use SSL encryption for your domain if they are entering passwords online, again just do a google search if you are unfamiliar, any more questions I'll answer as best I can :)

Answer 2

Try to put function test_data before values.

<?php

  $user_name = "mah user name";
  $password = "mah password";
  $database = "Peoples";
  $server = "mysql6.000webhost.com";

  $db_handle = mysql_connect($server, $user_name, $password);
  $db_found = mysql_select_db($database, $db_handle);

  function test_input($data){
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
  }

  $username = test_input($_POST["username"]);
  $email = test_input($_POST["email"]);
  $password = $_POST["password"];
  $registered=0;


  /* or you could use PHP built in filters

  $username  = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
  $password  = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
  $email     = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
  */


  $SQL = "INSERT INTO users (username,password,email,registered) VALUES ('$username','$password','$email','$registered')";

  $result = mysql_query($SQL) or die(mysql_error());

  if($result) {
    echo 'Registration was successfull.';
  }
  else {
    echo 'Registration was not successfull';

  }

mysql_close($db_handle);
?>

more about built in filters PHP Filters