php - Canit insert into my MYSQL table
191
I am trying to make a registration form in which I have connected to the database and it can also check whether the username is unique or not but unfortunately, I can't insert the new data in my table. I would really appreciate if anyone could help me with this.
<?php
error_reporting(E_ALL ^ E_DEPRECATED);
include 'connect.inc.php';
if(isset($_POST['submit'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
//md5 password
$password_hash = md5($password);
//check to see if the fields are empty
if(empty($username) || empty($password)|| empty($firstname)|| empty($lastname)) {
echo "Not all fields filled!<br /><br />";
exit();
}
//check if password is equal
if($password != $password2) {
echo "Your Passwords Do Not Match.<br />";
exit();
} else {
$query = "SELECT `username` From `users` WHERE username='$username'";
$result = mysql_query($query);
if(mysql_num_rows($result) ==1) {
echo "Sorry, that user has already exists.";
exit();
} else {
$query1= mysql_query("INSERT INTO `users` ('',username,password,firstname,lastname) VALUES ('','$username', '$password_hash', '$firstname', '$lastname'");
if($result1 = mysql_query($query1)) {
echo "Registered Successfully";
} else {
echo "Sorry, You could not Register";
}
}
}
}
?>
<form action="" method="POST">
Username:<br />
<input type="text" name="username" /><br /><br />
Password:<br />
<input type="password" name="password" /><br /><br />
Confirm Password:<br />
<input type="password" name="password2" /><br /><br />
First Name:<br />
<input type="text" name="firstname" /><br /><br />
Last Name:<br />
<input type="text" name="lastname" /><br /><br />
<input type="submit" value="Register" name="submit" />
</form>
Answer
Solution:
Your INSERT statement is missing a closing parenthesis.
By the way, I find it easier when doing a single-row INSERT to use an alternative syntax, so the column names and the value are matched up:
That's easier to make sure you have the columns matched up to the right variables. Also there's no closing parenthesis to worry about.
See http://dev.mysql.com/doc/refman/5.7/en/insert.html for details on this syntax.
You should also abandon the deprecated mysql extension, and use PDO instead. Read this nice tutorial: https://phpdelusions.net/pdo
And Jay Blanchard is correct that your code is insecure. Security, like correctness, is not an add-on feature. You mention you are a beginner, but you should not start developing bad habits. Read https://blog.codinghorror.com/youre-probably-storing-passwords-incorrectly/
Answer
Solution:
Try using
Answer
Solution:
Replace your else block with
From your comment, your INSERT QUERY is wrong. To find out what is wrong with your SQL query, add
var_export($query1, true)with die. i.e.My guess is that you are still using your old query which has '' as one of the column names.
Answer
Solution:
You want to probably insert the user id in the database.Define it as Autoincrement e remove the blank data from the query below:
Before:
After:
And you need also to replace the line with the code
if($result1 = mysql_query($query1)) {byif($result1) {