CODEWITHSUNDEEP
phpmysqlforms
Bryan Silva
Bryan Silva

Reputation: 1

Why is mysqli_query() sending empty strings to my database?

I'm making a register form in html and I can't make it save the data to the database, everything I send is an empty string! I don't know what's so bad with the code, I don't think the syntax is wrong, hope someone here can help me to see here I have gone wrong:

<?php

$con = mysqli_connect("localhost", "neosoftw_lambda", "7s3684129", "neosoftw_lambdaMovil");

if(mysqli_connect_errno()){
        echo "Error al conectar con MySQL: " . mysqli_connect_error();
}

$sql = "INSERT INTO usuarios VALUES(NULL, '$_POST[txt_empresa]', '$_POST[txt_usuario]', PASSWORD('$_POST[txt_password]'), '$_POST[txt_email]');";

if(!mysqli_query($con, $sql)){
        die('Error: ' . mysqli_error($con));
 }

 echo "1 registro a&ntilde;adido.";

 mysqli_close($con);

?>

Is it maybe because of the HTML form?

<form id = "registro_usuarios" action="grabar.php" method="post">
    <font color="#897687"<p><label> Nombre empresa: </label><br/><input type="text" name="empresa" id="txt_empresa" title="Aqu&iacute; usted introducir&aacute; el nombre de la empresa."><br/><hr bgcolor="blue"/></p>
    <p><label> Nombre usuario: </label><br/><input type="text" name="usuario" id="txt_usuario"><br/><hr bgcolor="blue"/></p>
    <p><label> Contrase&ntilde;a: </label><br/><input type="password" name="password" id="txt_password"><br/><hr bgcolor="blue"/></p>
    <p><label> Verificar contrase&ntilde;a: </label><br/><input type="password" name="ver_password" id="txt_ver_password"><br/><hr bgcolor="blue"/></p>
    <p><label> E-mail empresa: </label><br/><input type="text" name="mail_empresa" id="txt_email"><br/><hr bgcolor="blue"/></p>
    <input type="submit" value="Registrar usuario">
</form>

I don't see an error there neither...

Thanks in advance.

EDIT

I solved it by using the name of the HTML form input instead of its ID.

Thank you for your help, and I will take a look at SQL Injection to protect my queries.

Upvotes: 0

Views: 159

Answers (2)

SKM
SKM

Reputation: 71

Your html tag is wrong . Remove title attribute within input tag.

correct:

 <font color="#897687"<p><label> Nombre empresa: </label><br/><input type="text" name="empresa" id="txt_empresa"><br/><hr bgcolor="blue"/></p>

Upvotes: 3

Stormsson
Stormsson

Reputation: 1541

try this:

$sql = "INSERT INTO usuarios VALUES(NULL, '{$_POST['txt_empresa']}', '{$_POST['txt_usuario']}', PASSWORD('{$_POST['txt_password']}'), '{$_POST['txt_email']}');";

obviously,as stated,this is a very unprotected query

Upvotes: -2

Related Questions