Kacey Gambill
Reputation: 107
Trying to input data into SQL table using PHP / Html from Registration form
I've tried so many different things and did many searches with no solution. I am trying to use an html form to submit data to a sql table.
Here is the code for my register.php file.
$con = mysqli_connect("localhost", "database_name", "password" "database_user");
if($con === false) {
die("ERROR Could not Connect." . mysqli_connect_error());
}
$lasty= mysqli_real_escape_string($_POST['laz']);
$namez=mysqli_real_escape_string($_POST['namer']);
$emailAddr=mysqli_real_escape_string($_POST['emaila']);
$userName=mysqli_real_escape_string($_POST['usrn']);
$passwo=mysqli_real_escape_string($_POST['passw']);
$sqql = "INSERT INTO 'database_name' . table' (UserID, FirstName, LastName, Email, UserName, Password)
VALUES (NULL, '$namez', '$lasty', '$emailAddr', '$userName', '$passwo')";
if (mysqli_query($con, $sqql)) {
echo "Successfull";
} else {
echo "Did not work!" . $con->error;
}
mysqli_close($con);
My HTML file is:
<form action="register.php" method="POST">
First Name: <input type="text" name="namer" placeholder="First Name"/> <br>
Last Name: <input type='text' name='laz' /> <br>
Email Address: <input type='text' name='emaila' /> <br>
UserName: <input type='text' name='usrn' />
Password: <input type='password' name='passw' />
<input type='submit' id='button' value='Submit' name='login' />
</form>
I apologize in advance for the weirdly named variables, I was afraid that the other files would interrupt what I was trying to do here.
Upvotes: 3
Views: 820
Answers (2)
aldrin27
Reputation: 3407
$con = mysqli_connect("localhost", "database_name", "password" "database_user"); //open connection
if (mysqli_connect_errno()) { //if connection failed
die("Connect failed: ", mysqli_connect_error());
exit();
}
$lasty = mysqli_real_escape_string($con, $_POST['laz']); //added $con needs two parameter (connection, input)
$namez = mysqli_real_escape_string($con, $_POST['namer']);
$emailAddr = mysqli_real_escape_string($con, $_POST['emaila']);
$UserName = mysqli_real_escape_string($con, $_POST['usrn']);
$password = mysqli_real_escape_string($con, $_POST['passw']);
$sqql = "INSERT INTO `table_name`(UserID, FirstName, LastName, Email, UserName, Password)
VALUES (NULL, '$namez', '$lasty', '$emailAddr', '$userName', '$passwo')";
if (mysqli_query($con, $sqql)) {
echo "Row inserted";
}else{
die("Error: ". mysqli_sqlstate($con));
}
mysqli_close($con);
Upvotes: 1
Saty
Reputation: 22532
mysqli_real_escape_string() need two parameter first one is your connection and other is your escapestring
mysqli_real_escape_string(connection,escapestring);
So add $con as first parameter into it
mysqli_real_escape_string($con,$_POST['laz']);
Also wrap off quotes from table name. Use backtick like
INSERT INTO `database_name` . `table`
To check error in your page use
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);
And Prevent you query by sql injection
Upvotes: 2