Question:
Inserting users into database not working?
David
2013-08-02 13:05:56 UTC
I am trying to do a registration form and it's not working. I have done a simple one for right now but it does not insert users into database nor heads to home.php. If I enter wrong password it does tell me that my passwords do not match or if I don't complete all the fields it tells me that all the fields are not complete. Also, instead of adding new user I get this print instead: New Record has username 0.

<?php
echo "

Register

";
$submit = filter_input(INPUT_POST,'submit');
$username = strip_tags(filter_input(INPUT_POST,'username'));
$password = strip_tags(filter_input(INPUT_POST,'password'));
$repeatpassword = strip_tags(filter_input(INPUT_POST,'repeatpassword'));
$date = date("y-m-d");
if($submit) {
    if ($username&&$password&&$repeatpassword) {
        if ($password == $repeatpassword) {
            if(strlen($username) > 25) {
                echo "Length of username or password is too long!";
            }
            else {
                if(strlen($password) > 25 || strlen($password) < 6) {
                    echo "password must be between 6 and 25 characters long!";
                }
                else {
                    $password = md5($password); // encrypt password
                    $repeatpassword = md5($repeatpassword);
                    $mysqli = new mysqli('localhost', 'fake_user', 'my_password', 'my_db');
                    $result = $mysqli->query("INSERT INTO users(username,password) VALUES ('{$username}','{$password}')");
                    printf ("New Record has username %d.\n", $mysqli->insert_username);
                    $mysqli->query("DROP TABLE users");
                    header('location:home.php');
                }
            }
        }
        else
            echo "Your passwords do not match";
    }
    else
        echo ("Please fill in all fileds!");
}
?>

Choose a username:
Choose a password:
Repeat your password:

Three answers:
2013-08-02 13:23:36 UTC
Before you even start, the drop table instruction is a total killer. Your whole method is a mess. Far too complex and goes nowhere. And do you have a correct user name and password set up in mysql as the web site user for this? Quite honestly I suggest you read the mysql manual and php manual, both available online. There are serious security issues with accepting data entry from members of the public. Within a few days a hacker can take over your site and be running their own server in the background as a bank phishing site or child porn site. Then do not try to copy a script and hope it works, build a script that filters the input for control characters or scripts that allow access to the system. Otherwise there is a small piece of code that can be entered into ANY password field and would allow full access to the site with NO password. Also do not let people just sign up. You should first collect their details and then verify them first. Easiest is to email them a link with a randomly generated code. This code can be held on data for a few days and if they do verify by following the link you know at least it is a genuine email. Only then should you pass their user name and password to the user database to allow them to log in.
lindgren
2016-10-14 03:04:54 UTC
Staring at a glance, it appears like in this assertion $sq. = "INSERT INTO t_user(u_id, firstName, lastName, busName, eAddress, contactNo, uname, passw) VALUES ('', $firstN, $lastN, $busName, $e_mail, $contactNo, $uname, $passw)"; you could have given ' at initiate and end of those database fields the place that's putting chars/strings. Like, $sq. = "INSERT INTO t_user(u_id, firstName, lastName, busName, eAddress, contactNo, uname, passw) VALUES ('', '$firstN', '$lastN', '$busName', '$e_mail', '$contactNo', '$uname', '$passw')"; I'm uncertain no remember if all and sundry of those fields are varchar or no longer. Supply single expenditures on the place that's. An extra constructive thank you to debug is to run the question quickly in mysql if you have motives to have faith that it is the question that's the wrongdoer. Wish this enables...
Chris D
2013-08-02 13:12:15 UTC
Before you write any more code go and read up on SQL injection attacks. Then go back and change your code to use bind variables.



This is important.
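
The "bind variables" advice above, applied to the registration code from the question, as an added example that is not part of the original thread. The function names `validate_registration` and `register_user` and the table layout are assumptions; the example also goes one step beyond the answers by replacing `md5()` with `password_hash()` and reading the new row's key from the real `insert_id` property.

```php
<?php
// Added example, not from the thread. Assumed schema: users(id INT AUTO_INCREMENT
// PRIMARY KEY, username VARCHAR(25), password VARCHAR(255)).
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any DB error

function validate_registration(string $username, string $password, string $repeat): ?string
{
    if ($username === '' || $password === '' || $repeat === '') {
        return 'Please fill in all fields!';
    }
    if ($password !== $repeat) {
        return 'Your passwords do not match';
    }
    if (strlen($username) > 25) {
        return 'Username is too long!';
    }
    if (strlen($password) < 6 || strlen($password) > 25) {
        return 'Password must be between 6 and 25 characters long!';
    }
    return null; // null means the input passed every check
}

function register_user(mysqli $db, string $username, string $password): int
{
    // password_hash() salts and stretches; md5() is a fast, unsalted digest.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // The ? placeholders keep user input out of the SQL text, so a quote in
    // $username is stored as data and never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash);
    $stmt->execute();
    $id = (int) $db->insert_id; // key of the new row (not "insert_username")
    $stmt->close();
    return $id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = (string) filter_input(INPUT_POST, 'username');
    $password = (string) filter_input(INPUT_POST, 'password');
    $repeat   = (string) filter_input(INPUT_POST, 'repeatpassword');
    $error = validate_registration($username, $password, $repeat);
    if ($error === null) {
        $db = new mysqli('localhost', 'fake_user', 'my_password', 'my_db');
        register_user($db, $username, $password);
        header('Location: home.php'); // headers must go out before any output
        exit;
    }
    echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
}
```

The redirect works here because nothing is echoed before `header()`; in the question's script the earlier `echo` and `printf` output prevents it.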


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.