1

I'm very new to PHP and have to use it for school to make a prototype login/signup page. However, I am having an issue inserting values from a sign-up form into a MySQL database. I have created a customers table in a UTTCv5 schema on phpMyAdmin. I sourced the code from this website https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php and edited it to add the first name and credit card number. However, when I complete and submit the form, the data is not added to the customers table.

config.php:

```php
<?php
/* Database credentials */
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'utccv5');

/* Attempt to connect to MySQL database */
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
?>
```

register.php:

```php
<?php
// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$username = $password = $first_name = $credit_card = "";
$username_err = $password_err = $first_name_err = $credit_card_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate email
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter your email.";
    } else{
        Prepare a select statement  
        $sql = "SELECT email FROM customers WHERE email = ?";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = trim($_POST["username"]);

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);

                if(mysqli_stmt_num_rows($stmt) == 1){
                    $username_err = "This email is already taken.";
                } else{
                    $username = trim($_POST["username"]);
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Validate password
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter a password.";
    } elseif(strlen(trim($_POST["password"])) < 6){
        $password_err = "Password must have at least 6 characters.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Validate first name
    if(empty(trim($_POST["first_name"]))){
        $first_name_err = "Please enter your first name.";
    } elseif(strlen(trim($_POST["first_name"])) < 1){
        $first_name_err = "Your first name must have at least 1 character.";
    } else{
        $first_name = trim($_POST["first_name"]);
    }

    // Validate credit card number
    if(empty(trim($_POST["credit_card"]))){
        $credit_card_err = "Please enter your credit card number.";
    } elseif(strlen(trim($_POST["credit_card"])) < 16){
        $credit_card_err = "Your credit card number must have at least 16 characters.";
    } else{
        $credit_card = trim($_POST["credit_card"]);
    }

    // Check input errors before inserting in database
    if(empty($username_err) && empty($password_err) && empty($first_name_err) && empty($credit_card_err)){

        // Prepare an insert statement
        $sql = "INSERT INTO customers (username, password, first_name, credit_card) VALUES (?, ?, ?, ?, ?, ?)";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "ssss", $param_username, $param_password, $param_first_name, $param_credit_card);

            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
            $param_first_name = $first_name;
            $param_credit_card = $credit_card;

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to login page
                header("location: login.php");
            } else{
                echo "Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Close connection
    mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Sign Up</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Sign Up</h2>
        <p>Please fill this form to create an Under the Clock account.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                <label>Email</label>
                <input type="text" name="username" class="form-control" value="<?php echo htmlspecialchars($username); ?>">
                <span class="help-block"><?php echo $username_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <input type="password" name="password" class="form-control" value="<?php echo htmlspecialchars($password); ?>">
                <span class="help-block"><?php echo $password_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($first_name_err)) ? 'has-error' : ''; ?>">
                <label>First name</label>
                <input type="text" name="first_name" class="form-control" value="<?php echo htmlspecialchars($first_name); ?>">
                <span class="help-block"><?php echo $first_name_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($credit_card_err)) ? 'has-error' : ''; ?>">
                <label>Credit Card</label>
                <input type="text" name="credit_card" class="form-control" value="<?php echo htmlspecialchars($credit_card); ?>">
                <span class="help-block"><?php echo $credit_card_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <input type="reset" class="btn btn-default" value="Reset">
            </div>
            <p>Already have an account? <a href="login.php">Login here</a>.</p>
        </form>
    </div>
</body>
</html>
```
Ersoy
nking__
  • Show us the error you get https://stackoverflow.com/questions/17053466/how-to-display-errors-for-my-mysqli-query – Jsowa May 17 '20 at 04:17
  • @Tajniak Thank you, but I'm still having the same issue as that user. I've tried die() and trigger_error() on the end of the insert statement but still the form has no errors but nothing gets submitted. – nking__ May 17 '20 at 05:08
  • I can't help without any clarity about the problem. Try to limit your question so that we don't have to analyze your whole code. Try with one simple query, etc. – Jsowa May 17 '20 at 05:40
  • Other aspects of improvement: use [password_hash](https://code-boxx.com/password-encrypt-decrypt-php/) for storing the password. Use a [unique key](https://stackoverflow.com/questions/51826738/checking-uniqueness-when-inserting-and-updating-efficiently/51832307#51832307) on email to prevent duplicates and catch the exception to know if this condition was triggered. To resolve your issue, look for where the PHP/web server outputs its error log and read that. – danblack May 17 '20 at 05:46
  • @danblack, thank you, I will make those improvements. I have checked the error log and it isn't giving any errors when I try to submit a form. The only error I am receiving is in phpMyAdmin: `mysqli::real_connect(): (HY000/1045): Access denied for user '$root'@'localhost' (using password: YES)` `Connection for controluser as defined in your configuration failed.` – nking__ May 17 '20 at 06:18
  • "Prepare a select statement" is missing `//` in front of it. – user125661 May 18 '20 at 09:08
  • What have you tried to debug the problem? Where does that code go wrong? – Nico Haase May 18 '20 at 09:12
  • @NicoHaase No errors are coming up in the code, webpage or the web server error log, but when I complete and submit the registration form, no data is added to the `customers` database. It is very similar to this issue: https://stackoverflow.com/questions/22138746/php-form-not-inserting-into-mysql-database – nking__ May 18 '20 at 23:59

2 Answers

0

Try to make these changes

  1. `Prepare a select statement` should be commented: `// Prepare a select statement`

  2. Check if your MySQL user has insert permission. Use this command: `SHOW GRANTS FOR CURRENT_USER`

  • Why should `$param_username = trim($_POST["username"]);` be before `bind_param`? – Dharman May 17 '20 at 12:04
  • Thank you, I've made that statement a comment and checked my user permission. I do have insert permissions but I still can't seem to insert into the database tables on any of my pages. I think I will try creating a new account and granting permissions next. – nking__ May 19 '20 at 00:03
-1

First of all, regarding MySQL, you should not be using the root account in your scripts for security purposes, and that may also be the cause due to server security restrictions.

Here you go on creating a new account & granting permissions

As @Jameel said, you also need to comment non-PHP code by adding double forward slashes. I see they're there in some lines but not here:

`Prepare a select statement`

Seif Hatem
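
An added example (not code from the question or from either answer) covering two points raised in the thread: making mysqli report its errors, as the first comment asks, and connecting with a limited account instead of root, as the second answer recommends. The INSERT in register.php names four columns but carries six `?` placeholders; a statement like that is rejected when it is prepared, and with mysqli error reporting off the `if` around `mysqli_prepare()` just skips the insert without output. The account name `utc_app`, the key name and the function `insert_customer` are assumptions, the column names follow the question's INSERT, and the code needs the question's MySQL database to run.

```php
<?php
// Added example, not the asker's code.
// Assumed one-time setup, run as a MySQL admin (account name, key name and
// password are placeholders), so the site no longer connects as root:
//   CREATE USER 'utc_app'@'localhost' IDENTIFIED BY '<choose-a-password>';
//   GRANT SELECT, INSERT ON utccv5.customers TO 'utc_app'@'localhost';
//   ALTER TABLE customers ADD UNIQUE KEY uq_customers_username (username);

// Throw mysqli_sql_exception on every failure. With reporting off, a statement
// that fails to prepare only makes mysqli_prepare() return false, and
// `if ($stmt = mysqli_prepare(...))` then skips the insert without a message.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one customer row.
 * Returns true on success, false if the e-mail is already registered.
 */
function insert_customer(mysqli $link, string $email, string $password,
                         string $firstName, string $creditCard): bool
{
    // Four columns, four placeholders, four type letters, four values.
    $sql = "INSERT INTO customers (username, password, first_name, credit_card)
            VALUES (?, ?, ?, ?)";
    $hash = password_hash($password, PASSWORD_DEFAULT);

    try {
        $stmt = mysqli_prepare($link, $sql);
        mysqli_stmt_bind_param($stmt, "ssss", $email, $hash, $firstName, $creditCard);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return true;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {      // ER_DUP_ENTRY raised by the unique key
            return false;
        }
        // Log the detail server-side; the caller shows a generic message.
        error_log("customers insert failed: " . $e->getMessage());
        throw $e;
    }
}

// Usage, with $link opened as in config.php but using the limited account
// (all values below are constructed sample data):
// $ok = insert_customer($link, "ann@example.com", "s3cret-pw", "Ann", "4111111111111111");
```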