I am trying to connect an html registration form with my mysql database through php. It establishes the connection correctly but it does not enter the data of the form. What am I doing wrong? Could you tell me how I should correct this error in one of the two files, so I correct it and try again. Thank you
Mi HTML
<!-- Register Form
========================= -->
<div >
<div >
<div >
<div >
<form action="registro.php" name="" method="post"
id="registerForm" method="post">
<div >
<input type="text" id="name" required placeholder="Full Name">
<span ><i ></i></span> </div>
<div >
<input type="email" id="email" required placeholder="Email Address">
<span ><i ></i></span> </div>
<div >
<input type="text" id="username" required placeholder="User Name">
<span ><i ></i></span> </div>
<div >
<input type="password" id="password" required placeholder="Password">
<span ><i ></i></span>
</div>
<div >
<button type="submit" id="submit">Sign Up</button>
</div>
</form>
<div >
<hr >
<span >OR</span>
<hr >
</div>
<div >
<ul >
<li ><a href="#" data-bs-toggle="tooltip" data-bs-original-title="Log In with Facebook"><i ></i></a></li>
<li ><a href="#" data-bs-toggle="tooltip" data-bs-original-title="Log In with Twitter"><i ></i></a></li>
<li ><a href="#" data-bs-toggle="tooltip" data-bs-original-title="Log In with Google"><i ></i></a></li>
<li ><a href="#" data-bs-toggle="tooltip" data-bs-original-title="Log In with Linkedin"><i ></i></a></li>
</ul>
</div>
</div>
</div>
</div>
<p >Copyright © 2021 <a href="#">Oxyy</a>. All Rights Reserved.</p>
</div>
<!-- Register Form End -->
</div>
and my registro.php
<?php
$user = "xxxxxx";
$pass = "xxxxxx";
$host = "localhost";
$connection = mysqli_connect($host, $user, $pass) or die ("Error con el servidor de la base de datos");
$name = $_POST["name"] ;
$email = $_POST["email"] ;
$username = $_POST["username"] ;
$password = $_POST["password"] ;
if(!$connection)
{
echo "No se ha podido conectar con el servidor" . mysql_error();
}
else
{
echo "<b><h3>Hemos conectado al servidor</h3></b>" ;
}
//indicamos el nombre de la base datos
$datab = "mapabnco_bd";
//indicamos selecionar ala base datos
$db = mysqli_select_db($connection,$datab);
if (!$db)
{
echo "No se ha podido encontrar la Tabla";
}
else
{
echo "<h3>Tabla seleccionada:</h3>" ;
}
$instruccion_SQL = "INSERT INTO users (name, email, username, password)
VALUES ('$name','$email','$username','$password')";
?>
CodePudding user response:
First of all, it is found that your HTML input boxes do not have the name attributes.
Please note that id attributes will not be processed when submitted to a PHP. Hence, please change the block in your HTML from :
<div >
<input type="text" id="name" required placeholder="Full Name">
<span ><i ></i></span> </div>
<div >
<input type="email" id="email" required placeholder="Email Address">
<span ><i ></i></span> </div>
<div >
<input type="text" id="username" required placeholder="User Name">
<span ><i ></i></span> </div>
<div >
<input type="password" id="password" required placeholder="Password">
<span ><i ></i></span>
</div>
to
<div >
<input type="text" id="name" name="name" required placeholder="Full Name">
<span ><i ></i></span> </div>
<div >
<input type="email" id="email" name="email" required placeholder="Email Address">
<span ><i ></i></span> </div>
<div >
<input type="text" id="username" name="username" required placeholder="User Name">
<span ><i ></i></span> </div>
<div >
<input type="password" id="password" name="password" required placeholder="Password">
Secondly, please note that you need to execute the insert query in order to make it effective.
You should also use prepared statement to avoid SQL injection attacks. Hence, please change the following line in your PHP
from:
$instruccion_SQL = "INSERT INTO users (name, email, username, password) VALUES ('$name','$email','$username','$password')";
to
$instruccion_SQL = "INSERT INTO users (name, email, username, password) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($connection, $instruccion_SQL);
mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $username, $password);
mysqli_stmt_execute($stmt);
Finally, please consider changing your system design and do not to store password in plain text in db. You may refer to the following links (and other related ones, for details):
Password_hash and Password_verify, store password too?
How to use PHP's password_hash to hash and verify passwords
CodePudding user response:
You are not executing the query you are only creating the query string, You need to execute the query like this
msyqli_query($connection, $instruccion_SQL);
and as suggested by Ken you need to change your design you are at high risk of very easy exploits