
I have got this code (HTML form) and one more file (PHP logic), but when I click the Submit button nothing happens -- no errors either. Please help; what's wrong?

<html>
<head>
<title> Registeration Form</title>
<link rel="stylesheet" type="text/css" href="design.css">
</head>
<body>
<div class = "title"><h1>Register form </h1></div>
<div class = "container">
    <div class="left"></div>
    <div class="right">
        <div class="formBox">
            <form action="" method="POST">
                <input type="text" id="fname" name="firstname" placeholder="First Name"/>
                <input type="text" id="lname" name="lastname" placeholder="Last Name"/>
                <input type="text" id="email" name="email" placeholder="Email"/>
                <input type="password" name="password1" placeholder="Password" />
                <input type="password" name="password2" placeholder="Confirm Password" />
                <input type="submit" name="submit">

            </form>
        </div>
    </div>
</div>

<?php


if (isset($_POST["submit"]))
{
    require'dbconnect.php';


    $firstname          = $_POST["firstname"];
    $lastname           = $_POST["lastname"];
    $email              = $_POST["email"];
    $password           = $_POST["password1"];
    $confirmPass        = $_POST["password2"];
    $encryptedPassword  = md5($password);


    mysqli_query($link,"insert into users(FirstName, LastName, Email, Password)
                values ($firstname, $lastname, $email,'$encryptedPassword')");
    echo "<br>";
}


?>


</body>
</html>

Here is the PHP code that connects to SQL. I'm using WAMP 64-bit on Windows 10. I have a similar setup that has no issue, but this code is not working. I tried all that I could.

<?php

//Hostname on which MYSQL is stored
$hostname = "localhost";  
//MySQL server Username ... which is root
$username = "root";
// MySQL password which by default is empty 
$password = "";
//Database name to which we connect... 
$dbname = "signup";

// Connection to database;

$link = mysqli_connect ($hostname,$username,$password);

if (!$link){

    die ("Could not connect: ".mysql_error());

}

mysqli_select_db($link, $dbname);


?>
Sabawoon
  • 1
    Your script is at risk of [SQL Injection Attack](//stackoverflow.com/questions/60174). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](//stackoverflow.com/questions/5741187) Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde May 02 '18 at 01:07
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde May 02 '18 at 01:08
  • `md5()` is obsolete for hashing passwords and should *not be used*. PHP provides [password_hash()](http://php.net/manual/en/function.password-hash.php) and [password_verify()](http://php.net/manual/en/function.password-verify.php), please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). – John Conde May 02 '18 at 01:08
  • Display your [errors](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) – hungrykoala May 02 '18 at 01:31
  • What do you mean by "not working"? Do you get any errors? Add [error reporting](//php.net/manual/function.error-reporting.php) at the top of your file(s): `ini_set("display_errors", 1); error_reporting(E_ALL);` and tell us what you get. – Isiah Meadows May 02 '18 at 01:55

1 Answer


EDIT:

Refer to the documentation of the mysqli_query function on W3schools. They outline the correct approach to the way you implement your script. There is nothing wrong with your HTML code; that section is fine. It is purely to do with your PHP. PHP won't catch any errors in this instance you provided; however, you would need to catch errors using the mysqli_error function.

Another thing to note, in your code you don't encapsulate your values with single quotes '. This is also likely to cause a MySQL error as I believe it is part of the syntax (except for integers).

Remember, when coding Google is your best friend alongside the actual PHP docs.


Here is how I would structure my MySQLi:

<?php
if (isset($_POST["submit"]))
{
    require('dbconnect.php');


    $firstname          = $_POST["firstname"];
    $lastname           = $_POST["lastname"];
    $email              = $_POST["email"];
    $password           = $_POST["password1"];
    $confirmPass        = $_POST["password2"];
    $encryptedPassword  = md5($password);


    $sql = "INSERT INTO users(FirstName, LastName, Email, Password)
                VALUES ('$firstname', '$lastname', '$email', '$encryptedPassword')";

    if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
}
?>

and the dbconnect.php file to the following:

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "signup";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
?>

What I've done is I've set up MySQLi another way. The values within the INSERT I've put into single quotes, and I have also added a way for you to catch any errors produced by MySQL.

As others have mentioned above, md5 is not a secure way to protect your passwords and your script is at risk of SQL Injection.

Hope this points you in the right direction!

Lachie
  • Anyone care to explain the downvote? The script I provided, while still not secure, answers his question. He wanted the script to work. I have outlined that there are still security concerns within this. – Lachie May 02 '18 at 01:35
  • 1
    I didn't downvote, but you don't actually tell them how to make the script work. You just tell them how to debug it, which doesn't actually answer the question. It also doesn't add any real value, as the comments tell them all of this already. – John Conde May 02 '18 at 01:45
  • @JohnConde good point. I have updated it to explain my thought process, what I believe the issue is and what he should do to detect the issue. – Lachie May 02 '18 at 02:06
  • 1
    Looks like that did the trick – John Conde May 02 '18 at 02:29
  • @JohnConde Perfect :D – Lachie May 02 '18 at 02:33
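
The comments on the question recommend prepared statements, `password_hash()` and explicit error checking. The handler below combines the three; it is an added example, not code from the question or the answer. The function name `registerUser` is hypothetical, the connection values and `users` columns are the ones shown on the page, and the `Password` column is assumed to be wide enough for the hash (for example `VARCHAR(255)`).

```php
<?php
// Added example: hardened form handler (not the original poster's code).
// Make mysqli throw on any failure instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// registerUser() is a hypothetical helper; returns a list of validation errors.
function registerUser(mysqli $conn, array $post): array
{
    $first = trim($post['firstname'] ?? '');
    $last  = trim($post['lastname'] ?? '');
    $email = trim($post['email'] ?? '');
    $pass1 = $post['password1'] ?? '';
    $pass2 = $post['password2'] ?? '';

    $errors = [];
    if ($first === '' || $last === '') { $errors[] = 'Name is required.'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'Email is not valid.'; }
    if ($pass1 === '' || !hash_equals($pass1, $pass2)) { $errors[] = 'Passwords are empty or do not match.'; }
    if ($errors) { return $errors; }

    // Salted, deliberately slow hash; replaces md5().
    // Assumption: the Password column can hold it (e.g. VARCHAR(255)).
    $hash = password_hash($pass1, PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text, so quoting
    // mistakes and injection through the form fields both go away.
    $stmt = $conn->prepare(
        'INSERT INTO users (FirstName, LastName, Email, Password) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $first, $last, $email, $hash);
    $stmt->execute();
    $stmt->close();
    return [];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $conn = new mysqli('localhost', 'root', '', 'signup');
        $conn->set_charset('utf8mb4');
        $errors = registerUser($conn, $_POST);
        foreach ($errors as $e) { echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '<br>'; }
        if (!$errors) { echo 'New record created successfully'; }
    } catch (mysqli_sql_exception $ex) {
        // Full detail goes to the server log, not to the browser.
        error_log('Registration failed: ' . $ex->getMessage());
        http_response_code(500);
        echo 'Registration failed.';
    }
}
```

At login, the stored value is checked with `password_verify($submitted, $storedHash)` rather than by re-hashing and comparing strings.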