Home > database >  Not inserting data into MySQL database
Not inserting data into MySQL database

Time:06-12

I am trying to make a form in HTML to insert data into MySQL database
HTML:

<!DOCTYPE html>
<html>
<form action="signup.php" method="post">
      <input type="text" id="name" name="name" required placeholder="Name"><br>
      <input type="text" id="uname" name="uname" required placeholder="Username"><br>
      <input type="text" id="aadhar" name="aadhar" required placeholder="Aadhar Card"><br>
      <input type="text" id="phone" name="phone" required placeholder="Phone Number"><br>
      <input type="password" id="password" name="password" required placeholder="Password"><br>

      <button type="submit" name="submit" >
      <p>Sign up</p>
      </button>
</form>
</body>
</html>

PHP:

<?php
     if(isset($_POST['submit'])){
        $uname = mysqli_real_escape_string($con, $_POST['uname']);
        $name = mysqli_real_escape_string($con, $_POST['name']);
        $aadhar = mysqli_real_escape_string($con, $_POST['aadhar']);
        $phone = mysqli_real_escape_string($con, $_POST['phone']);
        $password = mysqli_real_escape_string($con, $_POST['password']);
                    
        $pass = password_hash($password, PASSWORD_BCRYPT);
                    
        $aadharquery = "select * from users where aadhar='$aadhar;'";
        $query = mysqli_query($con, $aadharquery);
                    
        $aadharcount = mysqli_num_rows($query);
        if($aadharcount>0){
          echo 'email already exists';
          }
        else{
            $insertquery = 'INSERT INTO users(`name`, `uname`, `phone``, `aadhar`, `password`) VALUES(`$uname`, `$name`, `$aadhar`, `$phone`, `$pass`)';
                        
            $iquery = mysqli_query($con, $insertquery);
                        
            }
       }                    
?>

It is not uploading any data into the Database, is there something I am doing wrong?

CodePudding user response:

I have rewritten your code with Prepared statements & Few secured inputs

I highly recommend to check yourself & change anything if you need, any modifications according to your needs. ;)

<?php
     if( isset($_POST['submit']) && ($_SERVER['REQUEST_METHOD'] === 'POST') ){
        // Code Rewritten by Ajmal PraveeN (AP)

        # MUST FILTER ALL USER INPUTS and CHECK SQL TABLE STRUCTURE, (Passwords should not be filtered because of hashing)
        $uname = ($_POST['uname']);
        $name = ($_POST['name']);
        $aadhar = ($_POST['aadhar']);
        $phone = ($_POST['phone']);
        $password = ($_POST['password']);
        
        # In this case, we want to increase the default cost for BCRYPT to 12. Note that we also switched to BCRYPT, which will always be 60 characters.
        # Increased cost for much better secure hash
        $options = [
            'cost' => 12,
        ];
        $pass = password_hash($password, PASSWORD_BCRYPT, $options);
        
        $aadharquery = "select * from users where aadhar=?";
        // prepare and bind
        $stmt = $con->prepare($aadharquery);
        // set parameters and execute
        $stmt->bind_param("i", $aadhar);
        $stmt->execute();
        $result = $stmt->get_result(); // get the mysqli result
        $aadhar_user = $result->fetch_assoc(); // fetch data

        if($aadhar_user > 0){
          echo 'email already exists';
          }
        else{
            // Code Rewritten by Ajmal PraveeN (AP)
            
            // prepare and bind
            $stmt = $con->prepare("INSERT INTO users ('name', 'uname', 'phone', 'aadhar', 'password') VALUES (?, ?, ?, ?, ?)");
            // set parameters and execute
            $stmt->bind_param("sssis", $uname, $name, $aadhar, $phone, $pass);
            $iquery = $stmt->execute();

            if ($iquery === true) {
                echo 'New records created successfully';
            }
            else {
                echo 'Insert failed';
            }

            $stmt->close();
            $con->close();
                        
            }
       }
?>

HTML input types are changed here but make sure you use PHP user input filters

<!DOCTYPE html>
<html>
<form action="signup.php" method="post">
      <input type="text" id="name" name="name" required placeholder="Name"><br>
      <input type="text" id="uname" name="uname" required placeholder="Username"><br>
      <input type="number" id="aadhar" name="aadhar" required placeholder="Aadhar Card"><br>
      <input type="text" id="phone" name="phone" required placeholder="Phone Number"><br>
      <input type="password" id="password" name="password" required placeholder="Password"><br>

      <button type="submit" name="submit" >
      <p>Sign up</p>
      </button>
</form>
</body>
</html>

If this is useful or If you are facing any issue with the code let me know.. Thank you ♥

CodePudding user response:

I think problem with is in this line $aadharquery = "select * from users where aadhar='$aadhar;'"; you used '$aadhar;' remove that extra ; semicolon.

Page link:https//www.codepudding.com/database/438832.html

Prev:PHP OOP - Return results if not calling another method with it $obj->get() and $obj->get()->
Next:How to check the session variable contains some specific value
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding