GeekByDesign
Reputation: 436
PHP not writing in MySQL database
I have an HTML page with input fields where I'm using PHP to validate and eventually write into my MySQL Database called 'fantasymock'. If validation is successful, the user is directed to an empty page called thankyou.php (using for testing purposes), which I am being directed to. But unfortunately, the data is not being written into the database.
I've looked on the web and previous SO posts and don't see a similar situation likes mines. Can someone look at it and possibly find the issue? Code is somewhat long and apologize. Thank you.
<?php
// define variables and set to empty values
$emailErr = $userErr = $passwordErr = $cpasswordErr = $firstErr = $lastErr = $teamErr = "";
$userid = $email = $username = $password = $cpassword = $firstname = $lastname = $teamname = "";
// The preg_match() function searches a string for pattern, returning true if the pattern exists, and false otherwise.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//Validates email
if (empty($_POST["email"])) {
$email = NULL;
$emailErr = "You Forgot to Enter Your Email!";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
$email = NULL;
$emailErr = "You Entered An Invalid Email Format";
}
}
//Validates Username
if (empty($_POST["username"])) {
$username = NULL;
$userErr = "You Forgot to Enter Your Username!";
} else {
$username = test_input($_POST["username"]);
}
//Validates password & confirm passwords.
if (empty($_POST["cpassword"])) {
$password = NULL;
$cpassword = NULL;
$passwordErr = "You Forgot To Enter Your Password!";
}
if(!empty($_POST["password"]) && ($_POST["password"] == $_POST["cpassword"])) {
$password = test_input($_POST["password"]);
$cpassword = test_input($_POST["cpassword"]);
if (strlen($_POST["password"]) < '7') {
$password = NULL;
$passwordErr = "Your Password Must Contain At Least 8 Characters!";
}
elseif(!preg_match("#[0-9]+#",$password)) {
$password = NULL;
$passwordErr = "Your Password Must Contain At Least 1 Number!";
}
elseif(!preg_match("#[A-Z]+#",$password)) {
$password = NULL;
$passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
}
elseif(!preg_match("#[a-z]+#",$password)) {
$password = NULL;
$passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
}
}
elseif(!empty($_POST["password"])) {
$password = NULL;
$cpassword = NULL;
$passwordErr = "Please Check You've Entered Or Confirmed Your Password Correctly!";
}
//Validates firstname
if (empty($_POST["firstname"])) {
$firstname = NULL;
$firstErr = "You Forgot to Enter Your First Name!";
} else {
$firstname = test_input($_POST["firstname"]);
//Checks if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
$firstname = NULL;
$firstErr = "You Can Only Use Letters And Whitespaces!";
}
}
if (empty($_POST["lastname"])) {
$lastname = NULL;
$lastErr = "You Forgot to Enter Your Last Name!";
} else {
$lastname = test_input($_POST["lastname"]);
//Checks if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
$lastname = NULL;
$lastErr = "You Can Only Use Letters And Whitespaces!";
}
}
if (empty($_POST["teamname"])) {
$teamname = NULL;
$teamErr = "You Forgot to Enter Your Team Name!";
} else {
$teamname = test_input($_POST["teamname"]);
}
if ($email && $username && $password && $cpassword && $firstname && $lastname && $teamname) {
mysql_connect("localhost", "root", "");
@mysql_select_db("fantasymock") or die("Unable To Connect To the Database");
//Variable used for the primary key in User Table in Database.
$userid = $_POST['userid'];
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$teamname = $_POST['teamname'];
$query = "INSERT INTO user VALUES ('$userid', '$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')";
mysql_query($query);
mysql_close();
header("Location: thankyou.php");
die();
} else {
echo '<p align="center"><strong>Errors on page</strong><br><br></p>';
}
}
/*Each $_POST variable with be checked by the function*/
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!--The htmlspecial() function prevents from hackers inserting specific characters in fields with malicious intent-->
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table align="center" border="1" bordercolor="black" bgcolor="white" cellpadding="5" cellspacing="0" width="50%">
<tr>
<td>
<table align="center" bordercolor="white" border="0" cellpadding="5" cellspacing="0">
<tr>
<td align="center" colspan="2"><strong>Registration</strong></b></td>
</tr>
<tr>
<td colspan="2"><br></td>
</tr>
<tr>
<td align="right" width="20%">E-mail:</td>
<td align="left" width="30%"><input class="largeTextBox" type="text" name="email" maxlength="50" size="30" placeholder=" email" value="<?php echo $email;?>"</td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $emailErr;?></td>
</tr>
<tr>
<td align="right" width="20%">Username:</td>
<td align="left" width="30%"><input class="largeTextBox" type="text" name="username" maxlength="50" size="30" placeholder=" username" value="<?php echo $username;?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $userErr;?></td>
</tr>
<tr>
<td align="right" width="20%">Password:</td>
<td align="left" width="30%"><input class="largeTextBox" type="password" name="password" maxlength="50" size="30" placeholder=" password" value="<?php echo $password;?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $passwordErr;?></td>
</tr>
<tr>
<td align="right" width="20%">Confirm Password:</td>
<td align="left" width="30%"><input class="largeTextBox" type="password" name="cpassword" maxlength="50" size="30" placeholder=" confirm password" value="<?php echo $cpassword;?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $cpasswordErr;?></td>
</tr>
<tr>
<td align="right" width="20%">First Name:</td>
<td align="left" width="30%"><input class="largeTextBox" type="text" name="firstname" maxlength="50" size="30" placeholder=" first name" value="<?php echo $firstname;?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $firstErr;?></td>
</tr>
<tr>
<td align="right" width="20%">Last Name:</td>
<td align="left"><input class="largeTextBox" type="text" name="lastname" maxlength="50" size="30" placeholder=" last name" value="<?php echo $lastname;?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $lastErr;?></td>
</tr>
<tr>
<td align="right" width="20%">Team Name:</td>
<td align="left" width="30%"><input class="largeTextBox" type="text" name="teamname" maxlength="50" size="30" placeholder=" team name" value="<?php echo $teamname;?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="error"><?php echo $teamErr;?></td>
</tr>
<tr>
<td colspan="2" align="center"><hr/></td>
</tr>
<tr>
<td colspan="2" align="center"><input class="bigButton" type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
Upvotes: 0
Views: 217
Answers (3)
SITDGNymall
Reputation: 45
I noticed you aren't handling MySQL errors. After you call a query, you should always have some kind of error checking. For mysql you should use mysql_error. For example:
$query = "INSERT INTO user VALUES ('$userid', '$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')";
mysql_query($query);
echo mysql_errno($link) . ": " . mysql_error($link). "\n";
That should tell you your error.
Upvotes: 0
Poorya Mohammadi
Reputation: 751
You should check if your query was succesfull or not. if not show the error.
if (!mysql_query($query))
{
die('Invalid query: ' . mysql_error());
}
And in your database, are all the columns strings(varchar) or are there also integers because if so you wont succeed .
like this
$userid = $_POST['userid'];
i assume userid is a integer but you just assign it from post to var this var will be a string.
in order to get a integer you should something like this
$userid = $_POST['userid'];
$userid+=0;
And if your primary key is set to auto-increment you should not insert anything to that column. It will be done automaticlally
Upvotes: 2
andrew
Reputation: 9583
This probably won't solve the problem you're having but hopefully it helps.
try the query as
"INSERT INTO user (`email`,`password`,`cpassword`,`firstname`,`lastname`,`teamname`)VALUES
('$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')"
let the db driver handle assigning the id using auto increment.
You should also be aware you have some nasty sql injection vulnerabilities
Upvotes: 0
Related Questions
- PHP & MySQL - not inserting into database
- php not writing data into database
- Can not connect and write into mysql database
- Trouble writing to html from mysql database
- Not writing to MySQL database correctly
- my php code wont insert
- PHP unable to write to MySQL database
- Code doesn't write values in db
- Nothing will insert into my database
- PHP MySQL not inserting into database