==> index.php:
<form action="anotherpage.php" method="POST">
<br>Username: <input type="text" name="user_name"><br><br>
Password: <input type="password" name="pwd"><br><br>
Repeat: <input type="password" name="pwd2"><br><br>
<input type="radio" name="sex" value="male">Male<br>
<input type="radio" name="sex" value="female">Female<br><br>
<input type="submit" value="Submit">
</form>
This is my index.php and I created an "anotherpage.php".
==> anotherpage.php
<?php
define('DB_NAME', 'test');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: '. mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use '.DB_NAME.': '.mysql_error());
}
echo 'Connected successfully!<br>';
$username = mysql_real_escape_string($_POST['user_name']);
$password = mysql_real_escape_string($_POST['pwd']);
$sexuality = mysql_real_escape_string($_POST['sex']);
$sql = "INSERT INTO users (username, password, sexuality) VALUES ('".$username."','".$password."','".$sexuality."')";
if (!mysql_query($sql)) {
die('Error: '. mysql_error($link));
}
if(isset($_POST['user_name']) && !empty($_POST['user_name']) && isset($_POST['pwd2']) && !empty($_POST['pwd2']) && isset($_POST['pwd']) && !empty($_POST['pwd']) && isset($_POST['sex']) && !empty($_POST['sex']) or die('PART\'S ARE NOT FILLED!'))
{
$user_name = $_POST['user_name'];
$user_name_up = strtoupper($user_name);
$pwd = $_POST['pwd'];
$pwd2 = $_POST['pwd2'];
$sex = $_POST['sex'];
$fp = fopen("formdata.txt", "a");
$savestring = $user_name . "," . $pwd.",".$pwd2.",".$sex." - ";
fwrite($fp, $savestring);
fclose($fp);
}
if($pwd == $pwd2 or die('DIFFERENT PASSWORDS!'))
{
echo $user_name_up.' ALL TAKEN!<BR>THANK YOU!!!<br><h1>You data has been saved!</h1>';
}
?>
I can save the input to the database now. But the thing is, I want to do this only if my if statement is true. Otherwise, even if the passwords don't match, I save the input to the database. How can I do that?
If I change the place of my code, I get an error.
MANY THANKS FROM NOW! :)
Upvotes: 0
Views: 399
Reputation: 379
Please be aware of SQL injection; please read the thread "How can I prevent SQL injection in PHP?"
The SQL is misplaced; the part below must be put into the same if statement as where you save the file.
$sql = 'INSERT INTO users (username, password, sexuality) VALUES ("$_POST[user_name]","$pwd","$sex")';
if (!mysql_query($sql)) {
die('Error: '. mysql_error());
}
You also have to change the quotes and add string concatenation to get it to work correctly:
$sql = "INSERT INTO users (username, password, sexuality) VALUES ('".$_POST['user_name']."','".$pwd."','".$sex."')";
if (!mysql_query($sql)) {
die('Error: '. mysql_error());
}
But be aware the code above is still unsafe; the code below is a little safer:
$username = mysql_real_escape_string($_POST['user_name']);
$password = mysql_real_escape_string($pwd);
$sexuality = mysql_real_escape_string($sex);
$sql = "INSERT INTO users (username, password, sexuality) VALUES ('".$username."','".$password."','".$sexuality."')";
It's not wise to save passwords directly into the database; please read the following: "How to change a SALT password in a database using PHP?"
Upvotes: 1
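The three points raised in this thread (insert only after validation passes, keep input out of the SQL text, do not store the plaintext password) combined in one added example; it is not code from the question or the answer. The function name register_user(), the extra whitelist check on the radio value, and the in-memory SQLite database used so the demo runs without a server are assumptions.

```php
<?php
// Added example: validate first, insert only if every check passes.
// register_user() and the in-memory SQLite demo are assumptions for illustration.
function register_user(PDO $pdo, array $post): string
{
    // 1. Every field must be present and non-empty before anything is stored.
    foreach (['user_name', 'pwd', 'pwd2', 'sex'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return 'PARTS ARE NOT FILLED!';
        }
    }
    // 2. Compare the two password fields before touching the database.
    if (!hash_equals($post['pwd'], $post['pwd2'])) {
        return 'DIFFERENT PASSWORDS!';
    }
    // 3. Accept only the two values the form's radio buttons offer.
    if (!in_array($post['sex'], ['male', 'female'], true)) {
        return 'INVALID VALUE!';
    }
    // 4. Store a salted hash, never the plaintext password.
    $hash = password_hash($post['pwd'], PASSWORD_DEFAULT);
    // 5. Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password, sexuality) VALUES (:u, :p, :s)'
    );
    $stmt->execute([':u' => $post['user_name'], ':p' => $hash, ':s' => $post['sex']]);
    return 'saved';
}

// Demo with constructed input; replace the DSN with your MySQL server in real use.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, sexuality TEXT)');

// Constructed sample submissions: one with mismatched passwords, one valid
// whose username contains a quote character.
$mismatch = ['user_name' => 'alice', 'pwd' => 'secret1', 'pwd2' => 'secret2', 'sex' => 'female'];
$valid    = ['user_name' => "o'brien", 'pwd' => 'secret1', 'pwd2' => 'secret1', 'sex' => 'male'];

echo register_user($pdo, $mismatch), "\n";
echo register_user($pdo, $valid), "\n";
echo $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

At login, check the submitted password against the stored hash with password_verify() rather than comparing strings.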