
I need to create a sign up page that will store user names, emails and passwords and put them in a database so that the user can then login and access a profile etc.

I have made a database, however nothing will go into it. I input one manually but anything I try to do from the webpage won't go to the database.

Code for the webpage: Signup is the page I want displayed and adduser is the code for adding the data to the database.

Signup:

    <?php include '../view/header.php';
    ?>
    <br>
    <br>
    <h1 class="light white-text text-lighten-3">Sign up!</h1>
    <br>
    <br>
    <form class="form" id="signup" action="addUser.php" method="post">

        <div class="form-group ">
            <label for="email">Email</label>
            <input type="email" class="form-control" id="email" name="email" placeholder="Enter Your Email">
        </div>
        <br>
        <div class="form-group ">
            <input id="user_name" type="text" class="validate" name="user_name" required="required">
            <label for="user_name">User Name</label>
        </div>
        <br>
        <div class="form-group col s6">
            <label for="password">Password</label>
            <input type="password" class="form-control" id="password" name="password" placeholder="Enter a Password">
        </div>
        <br>

        <br>
        <button type="submit" class="orange btn btn-primary">Submit</button>
    </form>

    <?php

    include '../view/footer.php';

AddUser:

    <script src="../js/materialize.js" type="text/javascript"></script>
    <script src="../js/materialize.min.js" type="text/javascript"></script>
    <script src="../js/init.js" type="text/javascript"></script>
    <?php

    $server = "localhost";
    $username = 'root';
    $Password ="";
    $database = 'commish';

    $con = mysqli_connect($server, $username, $Password, $database);


    $email    = filter_input(INPUT_POST, 'email');

    $user_name    = filter_input(INPUT_POST, 'user_name');

    $password    = filter_input(INPUT_POST, 'password');

    new_user( $user_name, $password,$email, $con);
    function new_user($user_name, $password, $email,$con)
    {
        global $con;
        $query = "INSERT into users (user_name, password, email) VALUES (:user_name, :password, :email)";
        $statement = $con->prepare($query);
        $statement->bindValue(":user_name", $user_name);
        $statement->bindValue(":password", $password);
        $statement->bindValue(":email", $email);
        $statement->execute();
        echo 'Successfully created new user';
    }

EmilyP
  • Are you getting any error??? – Umair Shah Yousafzai May 06 '16 at 20:37
  • Make sure that you __know__ what is `PDO` and what is `mysqli` – u_mulder May 06 '16 at 20:37
  • @UmairShahYousafzai Fatal error: Uncaught Error: Call to a member function bindValue() on boolean in C:\xampp\htdocs\Project\controller\addUser.php:26 Stack trace: #0 C:\xampp\htdocs\Project\controller\addUser.php(20): new_user('bob', NULL, NULL, Object(mysqli)) #1 {main} thrown in C:\xampp\htdocs\Project\controller\addUser.php on line 26 – EmilyP May 06 '16 at 20:39
  • There's no `bindValue()` method in `mysqli`. Use [bind_param()](http://php.net/manual/en/mysqli-stmt.bind-param.php). – Rajdeep Paul May 06 '16 at 20:41
  • @EmilyP : You are making it too hard on yourself..Why don't you try the simple and real easy way to do this..! I am going to write an answer to you..! – Umair Shah Yousafzai May 06 '16 at 20:44
  • @Rajdeep I changed to param but I now have this error: Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in C:\xampp\htdocs\Project\controller\addUser.php:26 Stack trace: #0 C:\xampp\htdocs\Project\controller\addUser.php(20): new_user('bob', NULL, NULL, Object(mysqli)) #1 {main} thrown in C:\xampp\htdocs\Project\controller\addUser.php on line 26 – EmilyP May 06 '16 at 20:45
  • @UmairShahYousafzai: Thank you ^-^ – EmilyP May 06 '16 at 20:51
  • This looks like PDO code, but it's implemented with `mysqli`. If you're just getting started here, convert all that to PDO because using named placeholders, like you've got here, is way better but isn't supported in `mysqli`. You can even simplify it with `$statement->execute(array('user_name' => $user_name, ...))` to reduce the number of lines required. Nice to see you're using prepared statements, though! – tadman May 06 '16 at 20:54
  • **WARNING**: Maybe it's too late for this project, but writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.2/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and never store passwords as plain-text. – tadman May 06 '16 at 20:55
  • @tadman: how do I change it to PDO? – EmilyP May 06 '16 at 20:58
  • @EmilyP Have you looked at *Example #1* of the [documentation](http://php.net/manual/en/mysqli-stmt.bind-param.php)? Also never store password as a plain readable text, always perform [salted password hashing](https://crackstation.net/hashing-security.htm) on raw password before inserting it into the table. – Rajdeep Paul May 06 '16 at 20:59
  • You're pretty close, it mostly involves changing how you define the connection. [Here's a crash course on PDO](http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059) if you need one, but the [official documentation](http://php.net/manual/en/book.pdo.php) is also pretty good and I'd encourage anyone learning PDO to give it a read, there's a lot of answers in there. – tadman May 06 '16 at 21:01
  • Can anybody tell me I am trying to add `?>` to my answer in the last code and when I add it so every code turns into simple plain text..It might be a bug..Can anyone check that please??? – Umair Shah Yousafzai May 06 '16 at 21:25
  • You are running the function before defining it – Mihai May 06 '16 at 21:35

2 Answers


There's no bindValue() method in mysqli, but PDO has one. So here are the two approaches to solve your problem:

1) mysqli method:

Use bind_param() method to bind variables to your prepared statement. So your new_user() function should be like this:

    function new_user($user_name, $password, $email,$con){
        $query = "INSERT into users (user_name, password, email) VALUES (?, ?, ?)";
        $statement = $con->prepare($query);
        $statement->bind_param("sss", $user_name, $password, $email);
        if($statement->execute()){
            echo 'Successfully created new user';
        }else{
            // query failed
        }
    }

NOTE: Since you're passing the connection handler $con to this function, there's no need to use global $con;. Plus Globals are evil.


2) PDO method:

Keep your new_user() function as it is and change this line

    $con = mysqli_connect($server, $username, $Password, $database);

to

    $con = new PDO("mysql:host=$server;dbname=$database",$username,$Password);

Sidenote: Never store password as a plain readable text, always perform salted password hashing on raw password before inserting it into the table.

Rajdeep Paul
  • Thank you for this ^-^ I used the bottom one and it comes up that I have added a new user however the user never shows up on my database? – EmilyP May 07 '16 at 13:52
  • @EmilyP Did you change the `new_user()` method? Also wrap this statement `$statement->execute()` inside if-else block, like this: `if($statement->execute()){ echo 'Successfully created new user'; }else{ echo 'query failed'; }` – Rajdeep Paul May 07 '16 at 13:57
  • I changed the $con line. It now comes up with query failed. – EmilyP May 07 '16 at 13:59
  • @EmilyP Okay, to debug this issue do this. After this line `$con = new PDO(...)` write these lines, `$con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);`. And wrap your execute statement inside if-else block like this: `if($statement->execute()){ echo 'Successfully created new user'; }else{ print_r($con->errorInfo()); }` – Rajdeep Paul May 07 '16 at 14:07
  • Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'commish.users' doesn't exist in C:\xampp\htdocs\Project\controller\addUser.php:23 Stack trace: #0 C:\xampp\htdocs\Project\controller\addUser.php(23): PDO->prepare('INSERT into use...') #1 C:\xampp\htdocs\Project\controller\addUser.php(18): new_user('bob', 'password', 'bob@gmail.com', Object(PDO)) #2 {main} thrown in C:\xampp\htdocs\Project\controller\addUser.php on line 23. – EmilyP May 07 '16 at 14:09
  • This is line 23 $statement = $con->prepare($query); – EmilyP May 07 '16 at 14:10
  • @EmilyP It says that `users` table doesn't exist in `commish` database, check whether this table actually exists or not, or does it have a different name. – Rajdeep Paul May 07 '16 at 14:13
  • I fixed that error. I had an s at the end of user and the column user_name didn't have the _ . However I am getting a new error at – EmilyP May 07 '16 at 14:15
  • Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'username' in 'field list' in C:\xampp\htdocs\Project\controller\addUser.php:23 Stack trace: #0 C:\xampp\htdocs\Project\controller\addUser.php(23): PDO->prepare('INSERT into use...') #1 C:\xampp\htdocs\Project\controller\addUser.php(18): new_user('bob', 'password', 'bob@gmail.com', Object(PDO)) #2 {main} thrown in C:\xampp\htdocs\Project\controller\addUser.php on line 23 – EmilyP May 07 '16 at 14:15
  • Never mind, I fixed it! Thank you so much for your help ^-^ – EmilyP May 07 '16 at 14:16
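
Added example (not code from any poster in this thread): the PDO approach from the answer above combined with the salted hashing its sidenote asks for, using PHP's built-in `password_hash()` and `password_verify()`. The in-memory SQLite DSN, the UNIQUE constraints and the `check_login()` helper are assumptions made so the script runs stand-alone; the MySQL DSN from the answer takes its place against the `commish` database.

```php
<?php
// Added example, not from the original thread. An in-memory SQLite database
// stands in for the MySQL `commish` database so the script runs offline.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed schema: column names from the question, plus UNIQUE constraints.
$con->exec('CREATE TABLE users (
    user_name TEXT NOT NULL UNIQUE,
    password  TEXT NOT NULL,
    email     TEXT NOT NULL UNIQUE)');

function new_user(PDO $con, ?string $user_name, ?string $password, ?string $email): bool
{
    // filter_input() returns null for a missing field; reject instead of inserting NULLs.
    if ($user_name === null || $user_name === '' || $password === null || $password === ''
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // password_hash() generates a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $statement = $con->prepare(
        'INSERT INTO users (user_name, password, email) VALUES (:user_name, :password, :email)');
    try {
        return $statement->execute([':user_name' => $user_name, ':password' => $hash, ':email' => $email]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate name or email).
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return false;
        }
        throw $e;
    }
}

function check_login(PDO $con, string $user_name, string $password): bool
{
    $statement = $con->prepare('SELECT password FROM users WHERE user_name = :user_name');
    $statement->execute([':user_name' => $user_name]);
    $hash = $statement->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input.
var_dump(new_user($con, 'bob', 'password', 'bob@gmail.com'));   // first insert
var_dump(new_user($con, 'bob', 'other', 'bob2@gmail.com'));     // duplicate user_name
var_dump(new_user($con, 'alice', null, null));                  // missing POST fields
var_dump(check_login($con, 'bob', 'password'));
var_dump(check_login($con, 'bob', 'wrong'));
```

On MySQL the `password` column must be wide enough for the hash string; the PHP manual recommends 255 characters so that future `PASSWORD_DEFAULT` algorithms still fit.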

There's no bindValue() method in mysqli, you should use bind_param()

new_user function :

    function new_user ($user_name, $password, $email)
    {
        global $con;
        // Positional placeholders: mysqli does not support named ones.
        $stmt = $con->prepare("INSERT into users (user_name, password, email) VALUES (?,?,?)");
        $stmt->bind_param("sss", $user_name, $password, $email);
        $stmt->execute();
        $stmt_error = $stmt->error;
        $stmt->close();

        if ($stmt_error)
            echo 'Error on create new user: '.$stmt_error;
        else
            echo 'Successfully created a new user';
    }

Amir Khorsandi