CODEWITHSUNDEEP
phpmysql
user2236990
user2236990

Reputation: 39

PHP storing variables

I have this code (shown below) and the variable $first_name=$_POST['first_name']; does not seem to work. I have username, password and title working. Is it something to do with the use of the underscore? I have checked that it matches with the database. When the user creates an account that line where the first_name is stored throws up an error and does not display the name entered in the database. Any ideas?

<?php
/* This code will make a connection with database */
$con=mysql_connect("localhost","","");

/* Now, we select the database */
mysql_select_db("");

/* Now we will store the values submitted by form in variable */
$username=$_POST['username'];
$pass=$_POST['password'];
$title=$_POST['title'];
$first_name=$_POST['first_name'];
/* we are now encrypting password while using md5() function */
$password=md5($pass);
$confirm_password=$_POST['confirm_password'];

/* Now we will check if username is already in use or not */
$queryuser=mysql_query("SELECT * FROM Customer WHERE username='$username' ");
$checkuser=mysql_num_rows($queryuser);
if($checkuser != 0)
{ echo "Sorry, ".$username." is already been taken."; }
else {

/* now we will check if password and confirm password matched */
if($pass != $confirm_password)
{ echo "Password and confirm password fields were not matched"; }
else {

/* Now we will write a query to insert user details into database */
$insert_user=mysql_query("INSERT INTO Customer (username, password, title, first_name) VALUES ('$username', '$password', '$title', '$first_name')");

if($insert_user)
{ echo "Registration Succesfull"; }
else
{ echo "error in registration".mysql_error(); }

/* closing the if else statements */
}}

mysql_close($con);
?>

Thanks!

HTML form

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <meta name="apple-mobile-web-app-capable" content="yes" />
        <meta name="apple-mobile-web-app-status-bar-style" content="black" />
        <title>
        </title>
        <link rel="stylesheet" href="https://ajax.aspnetcdn.com/ajax/jquery.mobile/1.2.0/jquery.mobile-1.2.0.min.css" />
        <link rel="stylesheet" href="my.css" />
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js">
        </script>
        <script src="https://ajax.aspnetcdn.com/ajax/jquery.mobile/1.2.0/jquery.mobile-1.2.0.min.js">
        </script>
        <script src="my.js">
        </script>
        <!-- User-generated css -->
        <style>
        </style>
        <!-- User-generated js -->
        <script>
            try {

    $(function() {

    });

  } catch (error) {
    console.error("Your javascript has an error: " + error);
  }
        </script>
    </head>
    <body>
        <!-- Home -->
        <div data-role="page" id="page1">
            <div data-theme="a" data-role="header">
            <a data-role="button" data-theme="d" href="Login.html" data-icon="arrow-l" data-iconpos="left" class="ui-btn-left">
                    Back
                </a>
                <a data-role="button" href="index.html" data-icon="home" data-iconpos="right" data-theme="d"class="ui-btn-right">
                 Home  
                </a>
                <h3>
                    Registration
                </h3>
            </div>
            <div data-role="content">
                <h4>
                    Enter your details below to register:
                </h4>

            <form method="post" action="Login.php">
            <table border="0">
            <tr><td>Title: </td><td><input type="text" name="title" /></td></tr>

            <tr><td>First Name: </td><td><input type="text" name="name" /></td></tr>

            <tr><td>Username: </td><td><input type="text" name="username" /></td></tr>

            <tr><td>Password: </td><td><input type="password" name="password" /></td></tr>

            <tr><td>Confirm Password: </td><td><input type="password" name="confirm_password" /></td></tr>

            <tr><td></td><td><input type="submit" value="submit" /></td></tr>

            </table>
            </form>
                <div data-role="content">
                <h4>
                 Please ensure your username and password are kept secure.
                </h4>

                <br />
            </div>
        </div>
    </body>
</html>

Upvotes: 1

Views: 2311

Answers (4)

Sabari
Sabari

Reputation: 6335

The issue is that your form attribute for input text for first name is name not first_name . So you should change 

$first_name=$_POST['first_name'];

to

$first_name=$_POST['name'];

or change your name attribute to first_name

Also do proper escaping for all fields before inserting

<?php
/* This code will make a connection with database */
$con=mysql_connect("localhost","","");

/* Now, we select the database */
mysql_select_db("");

/* Now we will store the values submitted by form in variable */
$username= mysql_real_escape_string($_POST['username']);
$pass= mysql_real_escape_string($_POST['password']);
$title= mysql_real_escape_string($_POST['title']);
$first_name= mysql_real_escape_string($_POST['name']);

/* we are now encrypting password while using md5() function */
$password= md5($pass);
$confirm_password= mysql_real_escape_string($_POST['confirm_password']);

/* Now we will check if username is already in use or not */
$queryuser=mysql_query("SELECT * FROM Customer WHERE username='$username' ");
$checkuser=mysql_num_rows($queryuser);
if($checkuser != 0)
{ echo "Sorry, ".$username." is already been taken."; }
else {

/* now we will check if password and confirm password matched */
if($pass != $confirm_password)
{ echo "Password and confirm password fields were not matched"; }
else {

/* Now we will write a query to insert user details into database */
$insert_user=mysql_query("INSERT INTO Customer (username, password, title, first_name) VALUES ('$username', '$password', '$title', '$first_name')");

if($insert_user)
{ echo "Registration Succesfull"; }
else
{ echo "error in registration".mysql_error(); }

/* closing the if else statements */
}}

mysql_close($con);
?>

Upvotes: 3

rinchik
rinchik

Reputation: 2670

Change this:

$insert_user=mysql_query("INSERT INTO Customer (username, password, title, first_name) VALUES ('$username', '$password', '$title', '$first_name')");

To this:

$insert_user=mysql_query("INSERT INTO Customer (username, password, title, first_name) VALUES ('".$username."', '".$password."', '".$title."', '".$first_name."')");

UPDATE

Please check that <input type="text" name="first_name"> has name="first_name"

Upvotes: 0

Sergi Juanola
Sergi Juanola

Reputation: 6647

Well, it looks like your form doesn't contain a first_name item, but name. Change it back to first_name

Upvotes: 0

Raheel Hasan
Raheel Hasan

Reputation: 6023

alter it to this:

$first_name = mysql_real_escape_string($_POST['first_name']);

you are currently saving without any sanitization or escaping.

Upvotes: 0

Related Questions