Submitting form, mysql and php

南旧 2020-12-20 08:57

I'm new to php and sql and all that stuff, and I was watching a tutorial on youtube about forums in php and wonder why this code doesn't echo "Success" when submitting t

2 Answers
  • 2020-12-20 09:36

    There are a few things wrong here.

    You're using the wrong identifiers for your columns (they are quotes):

    ('id', 'username', 'password', 'email')
    

    remove them

    (id, username, password, email)
    

    or use backticks

    (`id`, `username`, `password`, `email`)
    

    mysql_error() should have thrown you an error, but it didn't because of:

    • You're mixing MySQL APIs with mysqli_ to connect with, then mysql_ in your query.

    Those two different APIs do not intermix with each other.

    Use mysqli_ exclusively and change your present query to:

    if($query = mysqli_query($connect, "INSERT...
    

    and change mysql_error() to mysqli_error($connect)

    as a rewrite for that block:

    if(isset($_POST["submit"])){
        if($query = mysqli_query($connect,"INSERT INTO users ('id', 'username', 'password', 'email') VALUES('', '".$username."', '".$password."', '".$email."')")){
            echo "Success";
        }else{
            echo "Failure" . mysqli_error($connect);
        }
    }
    

    Just to test the error, make the changes as I outlined just above, while keeping the quotes around your columns the way you have it now. You will then see the error that MySQL will throw. You can then do as I've already outlined above and remove the quotes around the column names, or replace them with backticks.

    The tutorial you saw may very well have used backticks, but they were probably not distinguishable enough for you to tell that they were indeed backticks and not single quotes.

    However, your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.


    I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

    I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.


    Also, instead of doing:

    $connect = mysqli_connect("localhost", "root", "") or die("Could not connect to server!");
    mysqli_select_db($connect, "php_forum") or die("Could not connect to database!");
    

    You should be checking for errors instead, just as the manual states

    $link = mysqli_connect("myhost","myuser","mypassw","mybd") 
    or die("Error " . mysqli_error($link)); 
    
    • http://php.net/manual/en/function.mysqli-connect.php

    So in your case:

    $connect = mysqli_connect("localhost", "root", "","php_forum") 
    or die("Error " . mysqli_error($connect)); 
    

    Edit: and I changed action="register.php" to action="" since you're using the entire code inside the same page.

    <!DOCTYPE HTML>
    <html>
        <head>
            <title>Register</title>
        </head>
        <body>
            <form action="" method="POST">
                Username: <input type="text" name="username">
                <br/>
                Password: <input type="password" name="password">
                <br/>
                Confirm Password: <input type="password" name="confirmPassword">
                <br/>
                Email: <input type="text" name="email">
                <br/>
                <input type="submit" name="submit" value="Register"> or <a href="login.php">Log in</a>
            </form>
        </body>
    </html>
    <?php
        require('connect.php');
        $username = $_POST['username'];
        $password = $_POST['password'];
        $confirmPassword = $_POST['confirmPassword'];
        $email = $_POST['email'];
    
        if(isset($_POST["submit"])){
            if($query = mysqli_query($connect,"INSERT INTO users (`id`, `username`, `password`, `email`) VALUES ('', '".$username."', '".$password."', '".$email."')")){
                echo "Success";
            }else{
                echo "Failure" . mysqli_error($connect);
            }
        }
    ?>
    
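The prepared-statement and password_hash() advice in the answer above, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database as a stand-in for the MySQL `php_forum` database (so it runs without a server) and an auto-increment `id` column; `openDb()` and `registerUser()` are hypothetical helper names.

```php
<?php
// Added example, not from the original answer. Assumption: an in-memory SQLite
// database stands in for the MySQL `php_forum` database so the script runs
// without a server; with MySQL only the DSN passed to PDO changes.
function openDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,
        email TEXT NOT NULL)');
    return $pdo;
}

// registerUser() is a hypothetical helper. Returns an error message, or null on success.
function registerUser(PDO $pdo, array $post): ?string {
    $username = trim($post['username'] ?? '');
    $password = $post['password'] ?? '';
    $email    = trim($post['email'] ?? '');
    if ($username === '' || $password === '') return 'Missing field';
    if ($password !== ($post['confirmPassword'] ?? null)) return 'Passwords differ';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) return 'Invalid email';

    // Placeholders keep user input out of the SQL text; id is left to the database.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password, email) VALUES (:u, :p, :e)');
    try {
        $stmt->execute([
            ':u' => $username,
            ':p' => password_hash($password, PASSWORD_DEFAULT), // store a hash only
            ':e' => $email,
        ]);
    } catch (PDOException $e) {
        error_log($e->getMessage()); // log details, do not echo them to the user
        return 'Registration failed';
    }
    return null;
}

// Constructed sample input: the quote in the username would break the concatenated query.
$pdo = openDb();
$post = ['username' => "O'Brien", 'password' => 's3cret-pass',
         'confirmPassword' => 's3cret-pass', 'email' => 'ob@example.com', 'submit' => 'Register'];
var_dump(registerUser($pdo, $post)); // first registration attempt
var_dump(registerUser($pdo, $post)); // same username again, rejected by the UNIQUE constraint
$row = $pdo->query('SELECT username, password FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'], password_verify('s3cret-pass', $row['password']));
```

At login, compare the submitted password against the stored hash with password_verify() rather than comparing strings in SQL.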
  • 2020-12-20 09:37

    It will echo 'Failure', so executing this bit of code

     else{
                echo "Failure" . mysql_error();
            }
    

    whenever $_POST["submit"] is not set, and it will not be set any time you open your page (even if you navigate to it from your bookmark or from Google search results) or when you submit your FORM in GET mode
