0

Upon clicking on the signup button , the page gets blank and information not stored on the database. The following is my code

<?php


{
echo "Connection failed: " . $e->getMessage();
}


if(isset($_POST['signup'])){

$firstname = $_POST['firstname'];




    if($firstname ==''){
    echo "<script>alert('Please enter your name!')</script>";
    exit();
    }


$query = "insert into users(firstname) VALUES ($firstname) ";
$query = $conn->prepare($query);
$query->bindParam('1', $firstname);

$query->execute();
if($query->rowCount() > 0) {
    echo "<script>window.open('index.php','_self')</script>";
    exit();
}
}
karthik morgan
  • 11
  • 3
  • `{ echo "Connection failed: " . $e->getMessage(); }` is not a right way of writing code. – Praveen Kumar Purushothaman Jul 07 '19 at 08:22
  • sorry sir..this is the full code // PDO connect $servername = "localhost"; $username = "root"; $password = ""; $dbname = "ecomm"; try { $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //echo "Connected successfully"; } catch(PDOException $e) { echo "Connection failed: " . $e->getMessage(); } – karthik morgan Jul 07 '19 at 08:24
  • try to add html code also. – Akhilesh Jul 07 '19 at 08:27
  • here you go sir ..
    – karthik morgan Jul 07 '19 at 08:31
  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Dharman Jul 07 '19 at 09:51

1 Answers1

0

Need to bind parameter with query properly.

If you are using PDO then use this to bind the firstname 

$query = "insert into users(firstname) VALUES (:firstname)";
$query = $conn->prepare($query);
$query->bindParam(':firstname', $firstname);
$query->execute();

OR

If you are using Mysqli then

$stmt = $conn->prepare("insert into users(firstname) VALUES (?)");
$stmt->bind_param("s",$firstname);
$stmt->execute();
Mangesh Auti
  • 1,150
  • 1
  • 5
  • 12