CODEWITHSUNDEEP
phppostmysqliinsert-into
Sebastian
Sebastian

Reputation: 97

Unable to insert data from post array in MySQL

As in topic, I'm beginner in programming but I've recently created some code that looks ok for me for now(yeah some things are messed up but I' going to work on it), so I have ordinary registration form looking like this:

    include 'modules/translator.php';
include 'includes/database.php';
include 'includes/header.php';

echo '<div id="regbox">
         <ul>
         <li><a href="registration.php" class="rbutton" onclick="return regboxr();">'. $LANG['REGISTER'] .'</a></li>
         <li><a href="login.php" class="sbutton" onclick="return regboxs();">'. $LANG['SIGNIN'] .'</a></li>
         </ul>
         <form action="registration_action.php" method="post" autocomplete="off">
         <div class="input-w"><label for="name"><img src="theme/original/images/user.png"/></label><input type="text" name="regname" placeholder="'. $LANG['NAME'] .'"class="input"></div>
         <div class="input-w"><label for="surname"><img src="theme/original/images/surname.png"/></label><input type="text" name="regsurname" placeholder="'. $LANG['SURNAME'] .'"class="input"></div>
         <div class="input-w"><label for="nickname"><img src="theme/original/images/nick.png"/></label><input type="text" name="regnickname" placeholder="'. $LANG['NICKNAME'] .'"class="input"></div>
         <div class="input-w"><label for="email"><img src="theme/original/images/email.png"/></label><input type="text" name="regemail" placeholder="'. $LANG['EMAIL'] .'"class="input"></div>
         <div class="input-w"><label for="pass"><img src="theme/original/images/password.png"/></label><input type="password" name="regpass" placeholder="'. $LANG['PASSWORD'] .'"class="input"></div>
         <div class="input-w"><label for="rpass"><img src="theme/original/images/rpassword.png"/></label><input type="password" name="regrpass" placeholder="'. $LANG['RPASSWORD'] .'"class="input"></div>
         <div class="registerholder"><input type="submit" class="register" value="'.$LANG['REGISTER_SUBMIT'].'"></div>
         </form>
         </div>';

include 'includes/footer.php';

And this is file which checks for errors(if format of e-mail is proper for example), and if no errors should insert data into database:

/*Include translating module,database settings,
functions needed to prepare data from form, 
to insert them into database and user interface header.*/

include 'modules/translator.php';
include 'includes/database.php';
include 'includes/functions.php';
include 'includes/header.php';

/*Variables including data from registration.php form.*/

$name=$_POST[regname];
$surname=$_POST[regsurname];
$nickname=$_POST[regnickname];
$email=$_POST[regemail];
$password=$_POST[regpass];
$rpassword=$_POST[regrpass];

/*Variable used to count errors occured during registration process.*/

$errorcounter=0;

/*Variables used to display errors that occured during registration process.*/

$errornameset='';
$errorname='';
$errornamelength='';
$errorsurnameset='';
$errorsurname='';
$errorsurnamelength='';
$errornicknameset='';
$errornickname='';
$errornicknamelength='';
$erroremailset='';
$erroremail='';
$errorpasswordset='';
$errorpassword='';
$errorpasswordlength='';
$errorpasswordcomparison='';
$registrationset1='';
$registrationset2='';
$errordbconnection='';


if(empty($name)){

     $errorcounter++;
     $errornameset='&#8226' . $LANG['ERR_REG_NAME_SET'] . '<br>';

}
elseif(!preg_match('/^[A-ZĄĆĘŁŃÓŚŹŻ][a-ząćęłńóśźż]{2,}$/', $name)){

     $errorcounter++;
     $errorname='&#8226' . $LANG['ERR_REG_NAME_CHAR'] . '<br>';

}
elseif(strlen($name)<3 || strlen($name)>16){

     $errorcounter++;
     $errornamelength='&#8226' . $LANG['ERR_REG_NAME_LENGTH'] . '<br>';

}

if(empty($surname)){

     $errorcounter++;
     $errorsurnameset='&#8226' . $LANG['ERR_REG_SURNAME_SET'] . '<br>';

}
elseif(!preg_match('/^[A-ZĄĆĘŁŃÓŚŹŻ][a-ząćęłńóśźż]{2,}$/', $surname)){

     $errorcounter++;
     $errorsurname='&#8226' . $LANG['ERR_REG_SURNAME_CHAR'] . '<br>';

}
elseif(strlen($surname)<3 || strlen($surname)>32){

     $errorcounter++;
     $errorsurnamelength='&#8226' . $LANG['ERR_REG_SURNAME_LENGTH'] . '<br>';

}

if(empty($nickname)){

     $errorcounter++;
     $errornicknameset='&#8226' . $LANG['ERR_REG_NICKNAME_SET'] . '<br>';

}
elseif(!preg_match('/^[A-Za-z0-9]{6,}$/', $nickname)){

     $errorcounter++;
     $errornickname='&#8226' . $LANG['ERR_REG_NICKNAME_CHAR'] . '<br>';

}
elseif(strlen($nickname)<3 || strlen($nickname)>12){

     $errorcounter++;
     $errornicknamelength='&#8226' . $LANG['ERR_REG_NICKNAME_LENGTH'] . '<br>';

}

if(empty($email)){

     $errorcounter++;
     $erroremailset='&#8226' . $LANG['ERR_REG_EMAIL_SET'] . '<br>';

     }
elseif(!preg_match('/^[A-Za-z0-9\.\-\_]{2,}\@[A-Za-z0-9\.\-\_]+\.[a-z]{2,4}$/', $email)){

     $errorcounter++;
     $erroremail='&#8226' . $LANG['ERR_REG_EMAIL_CHAR'] . '<br>';

}

if(empty($password) || empty($rpassword)){

     $errorcounter++;
     $errorpasswordset='&#8226' . $LANG['ERR_REG_PASSWORD_SET'] . '<br>';

     }
elseif(!preg_match('/^[A-Za-z0-9\.\-_@#]{6,}$/', $password)){

     $errorcounter++;
     $errorpassword='&#8226' . $LANG['ERR_REG_PASSWORD_CHAR'] . '<br>';

}
elseif(strlen($password)<6 || strlen($password)>32){

     $errorcounter++;
     $errorpasswordlength='&#8226' . $LANG['ERR_REG_PASSWORD_LENGTH'] . '<br>';

     }
elseif($password !== $rpassword){

     $errorcounter++;
     $errorpasswordcomparison='&#8226' . $LANG['ERR_REG_PASSWORD_COMPARISON'] . '<br>';

}

if($errorcounter==1){

     echo '<div class="warning"><div class="wimg"><img src="theme/original/images/warning.png"/></div><div class="wheaderc"><span class="wheader">'. $LANG['ERR_REG_COUNT_MESSAGE'] . $errorcounter . $LANG['ERR_REG_COUNT_1'] . '</span></div><div class="wspacer"></div><div class="errors">' .
             $errornameset . 
             $errorname . 
             $errornamelength . 
             $errorsurnameset . 
             $errorsurname . 
             $errorsurnamelength . 
             $errornicknameset . 
             $errornickname . 
             $errornicknamelength . 
             $erroremailset . 
             $erroremail . 
             $errorpasswordset . 
             $errorpassword . 
             $errorpasswordlength . 
             $errorpasswordcomparison . 
             '</div><div class="aspacer"></div><a href="registration.php" class="reglink">' . $LANG['REG_FIX'] . '</a></div>';

}
elseif($errorcounter>1 && $errorcounter<5){

     echo '<div class="warning"><div class="wimg"><img src="theme/original/images/warning.png"/></div><div class="wheaderc"><span class="wheader">'. $LANG['ERR_REG_COUNT_MESSAGE'] . $errorcounter . $LANG['ERR_REG_COUNT_1_5'] . '</span></div><div class="wspacer"></div><div class="errors">' .
             $errornameset . 
             $errorname . 
             $errornamelength . 
             $errorsurnameset . 
             $errorsurname . 
             $errorsurnamelength . 
             $errornicknameset . 
             $errornickname . 
             $errornicknamelength . 
             $erroremailset . 
             $erroremail . 
             $errorpasswordset . 
             $errorpassword . 
             $errorpasswordlength . 
             $errorpasswordcomparison . 
             '</div><div class="aspacer"></div><a href="registration.php" class="reglink">' . $LANG['REG_FIX'] . '</a></div>';

}
elseif($errorcounter>4){

     echo '<div class="warning"><div class="wimg"><img src="theme/original/images/warning.png"/></div><div class="wheaderc"><span class="wheader">'. $LANG['ERR_REG_COUNT_MESSAGE'] . $errorcounter . $LANG['ERR_REG_COUNT_4'] . '</span></div><div class="wspacer"></div><div class="errors">' .
             $errornameset . 
             $errorname . 
             $errornamelength . 
             $errorsurnameset . 
             $errorsurname . 
             $errorsurnamelength . 
             $errornicknameset . 
             $errornickname . 
             $errornicknamelength . 
             $erroremailset . 
             $erroremail . 
             $errorpasswordset . 
             $errorpassword . 
             $errorpasswordlength . 
             $errorpasswordcomparison . 
             '</div><div class="aspacer"></div><a href="registration.php" class="reglink">' . $LANG['REG_FIX'] . '</a></div>';

}
else{

     $group=1;
     $token=md5(uniqid(rand(), true));
     $connection=mysqli_connect(db_server, db_user, db_password, db_name);
     $regquery="INSERT INTO users (name, surname, nickname, e-mail, password, group, token) VALUES ('".$name."', '".$surname."', '".$nickname."', '".$email."', '".$password."', '".$group."', '".$token."')";

     if(mysqli_query($connection, $regquery)){

         echo '<div class="alert"><div class="wimg"><img src="theme/original/images/alert.png"/></div><div class="aheaderc"><span class="aheader">'. $LANG['REG_COMPLETED_HEADER'] .'</span></div><div class="wspacer"></div><div class="alertm">' .
             $registrationset1=$LANG['REG_COMPLETED_MESSAGE_1'] . $email . "." . $registrationset2=$LANG['REG_COMPLETED_MESSAGE_2'] .
             '</div><div class="aspacer"></div><a href="index.php" class="mainlink">' . $LANG['REG_MAIN'] . '</a></div>';

         mysqli_close($connection);

     }
     else{

         echo '<div class="warning"><div class="wimg"><img src="theme/original/images/warning.png"/></div><div class="wheaderc"><span class="wheader">'. $LANG['DB_ERR_HEADER'] . '</span></div><div class="wspacer"></div><div class="errors">' .
             $errordbconnection = $LANG['DB_ERR_CONNECTION'] .
             '</div><div class="dbspacer"></div><a href="registration.php" class="reglink">' . $LANG['REG_FIX'] . '</a></div>';

     }

}

include 'includes/footer.php';

And that's it.As addition I can say that i checked if connection in this file works properly and test was positive.One more thing I guess, in div with warning class is everything negative and in div with alert class is everything positive.My script prints negative div which means that no records inserted into DB(I checked that in phpmyadmin-no records).I tried everything including rebuilding my code but this doesn't works.MySQL Improved is available in my hosting services.Any ideas dear programmers?Thank You for Your time and waiting in hope for good answers. :)

Upvotes: 2

Views: 92

Answers (1)

stj
stj

Reputation: 9097

The query string you're using

INSERT INTO users (name, surname, nickname, e-mail, password, group, token) VALUES ...

won't work in MySQL as it is. The reason is that e-mail (without quotes) is not a valid column name and that group is a keyword. So the query won't parse. Both column names need to be enclosed in backticks so MySQL will actually treat them as column names:

INSERT INTO users (name, surname, nickname, `e-mail`, password, `group`, token) VALUES ...

You should definitely turn on error reporting because this would have probably revealed this error (plus several more in the script) already. Additionally, as someone already pointed out, your script is definitely vulnerable to SQL injection and you should care about it.

Upvotes: 2

Related Questions