CODEWITHSUNDEEP
phpmysqlforms
drinu16
drinu16

Reputation: 795

Form Submit to PHP

I am trying to submit data from an HTML form to PHP to be saved into mysql database. I had previously done this and for some reason it cannot work, I must be missing something.

This is Register page

<form action="reg.php" method="POST">
        <table >
            <tr>
                <td>Email :</td>
                <td><input name="Email" type="text" /></td>
            </tr>
            <tr>
                <td>Password :</td>
                <td><input name="Password" type="password" /></td>
            </tr>
            <tr>
                <td> </td>
                <td><input type="submit" name="submit" value="Submit"> </td>
            </tr>


        </table>
    </form>

This is the reg.php

<?php

include_once("db.php");

$SQL = "INSERT INTO  users  (Email, Password  ) VALUES ('".$_GET["Email"]."','". $_GET['Password'] ."' )";     

mysql_query($SQL);
error_reporting(E_ALL);
?>

And this is the db.php

<?php

$MyUsername = "root";   
$MyPassword = "";   
$MyHostname = "localhost";      

$dbh = mysql_pconnect($MyHostname , $MyUsername, $MyPassword);
$selected = mysql_select_db("dbName",$dbh);
?>

If I run

localhost/[email protected]&Password=123456

It does work and those values are shown in the database, I must be missing something in the register page.

It could be a stupid mistake as Im new to PHP.

Thanks in advance

Upvotes: 0

Views: 310

Answers (3)

Shamal Sandeep
Shamal Sandeep

Reputation: 529

You're making a mistake with the form method, change

<form action="reg.php" method="POST">

to

<form action="reg.php" method="GET">

If you want to continue using the POST method use

$SQL = "INSERT INTO  users  (Email, Password  ) VALUES ('".$_POST["Email"]."','". $_POST['Password'] ."' )";

Upvotes: 1

tbddeveloper
tbddeveloper

Reputation: 2447

You need to be using $_POST instead of $_GET

.$_GET["Email"]."','". $_GET['Password'] ."' )";

should be

.$_POST["Email"]."','". $_POST['Password'] ."' )";

When you type the URL in, that is a GET request which is why it works. You should really POST a form, because a GET will transmit the variables in the query string, and be visible. A password field is still plain text when it's transmitted.

Also, as has been mentioned, you're using deprecated methods for talking to the database and you're leaving yourself prone to SQL injection. Take a look at PDO http://php.net/manual/en/book.pdo.php

Use mysqli with prepared statements, or PDO with prepared statements

Also consider using CRYPT_BLOWFISH or PHP 5.5's password_hash() function for password storage.

For PHP < 5.5 use the password_hash() compatibility pack.

Storing what seems to be done in plain text, is not safe.

Upvotes: 2

Ijaz Ahmed Bhatti
Ijaz Ahmed Bhatti

Reputation: 739

debug you code and check the error you will get data in $_POST in reg.php . print_r($_POST) on your reg.php file you will get the data

Upvotes: 0

Related Questions