Click here to Skip to main content
15,123,923 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Here are the codes I am using with
<form action="code.php" method="POST"></form>


These are my codes in code.php.
PHP
<?php
session_start();

$connection = mysqli_connect("localhost","root","","adminpanel");

if(isset($_POST['register_btn']))
{
    $fullname = $_POST['fname'];
    $office = $_POST['office'];
    $school = $_POST['school'];
    $email = $_POST['email'];
    $username = $_POST['uname'];
    $password = $_POST['pword'];
    $cpassword = $_POST['cpword'];
    //$image = $_POST['photo'];
 
    if($password === $cpassword) {


    $query = "INSERT INTO register (fname, office, school, email, uname, pword) VALUES ('$fullname', '$office', '$school', '$email', '$username')";
    $query_run = mysqli_query($connection, $query);

            if($query_run) {
                $_SESSION ['success'] = "New Site Admin added";
                header ('Location: register.php');
            }
            else {
                $_SESSION ['status'] = "New Admin entry NOT succesful";
                header ('Location: register.php');
            }
    }
    else {
        $_SESSION ['status'] = "Password and Confirm Password Do Not Match";
        header ('Location: register.php');
        }

}
?>


What I have tried:

I have entered all needed data correctly and carefully but it always returned
New Admin entry NOT succesful


Please help me with this. Thanks all.
Posted
Updated 9-Aug-20 4:09am

We don't know - and until you find out what the error reported is, nobody will.
So use PHP mysqli_error() function / mysqli::$error - w3resource[^] to find out what MySql is complaining about, and go from there.

But ... it's probably that you should not do it like that at all. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
   
Comments
JeffLiteral 9-Aug-20 8:59am
   
That means...?

$query = "INSERT INTO 'register'


with single quote ''.

Sorry...
you need to learn to debug your code.
the message
<pre lang="text">
New Admin entry NOT succesful
comes from your code
PHP
$_SESSION ['status'] = "New Admin entry NOT succesful";

which means that something is unexpected in
PHP
$query_run = mysqli_query($connection, $query);
if($query_run) {

only you can discover the reason.

Your code do not behave the way you expect, or you don't understand why !

There is an almost universal solution: Run your code on debugger step by step, inspect variables.
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't know what your code is supposed to do, it don't find bugs, it just help you to by showing you what is going on. When the code don't do what is expected, you are close to a bug.
To see what your code is doing: Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute.

Debugger - Wikipedia, the free encyclopedia[^]

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]

phpdbg | php debugger[^]
Debugging techniques for PHP programmers[^]

The debugger is here to only show you what your code is doing and your task is to compare with what it should do.
   
It seems that you're missing one value. You're inserting into 6 columns but provide only 5 values

Have a look at this mapping
 $query = "INSERT INTO register (fname, office, school, email, uname, pword) VALUES ('$fullname', '$office', '$school', '$email', '$username')";

- fname  <= $fullname
- office <= $office
- school <= $school
- email  <= $email
- uname  <= $username
- pword  <= ?????

But before just providing the for pword, do change the code to use bind variables as explained in the first solution

Also note! If the pword field is for password as the name suggest, never ever store passwords as text in the database. To do it correctly, have a look at Password Storage: How to do it.[^]
   
v2
Comments
JeffLiteral 9-Aug-20 9:50am
   
I have done some things as you have suggested.


    $fullname = $_POST['fname'];
    $office = $_POST['office'];
    $school = $_POST['school'];
    $email = $_POST['email'];
    $username = $_POST['uname'];
    $password = md5($_POST['pword']);
    $cpassword = $_POST['cpword'];

$query = "INSERT INTO 'register' (fname, office, school, email, uname, pword) VALUES ('$fullname', '$office', '$school', '$email', '$username', '$password')";


but right now, it returns a result:

$_SESSION ['status'] = "Password and Confirm Password Do Not Match";
        header ('Location: register.php');
Wendelius 9-Aug-20 10:00am
   
When checking if the passwords match, don't hash them yet, use the input from the user as-is.

But after the check is complete, do not store the password as plain text in the database. Instead, hash it just like explained in the article I referenced.
Wendelius 9-Aug-20 10:03am
   
Also note that it's not a good idea to use MD5 for hashing. For more details, see PHP: Password Hashing - Manual[^]
JeffLiteral 9-Aug-20 10:20am
   
I did took out the md5 hashing. But right now, it turns to another status which is
$_SESSION ['status'] = "New Admin entry NOT successful";


How could this be very difficult for me? :( But I am very thankful for the your patience and willingness to help.

What else did I do wrong to cause this errors?
Wendelius 9-Aug-20 10:44am
   
To find out the actual error returned by the database, use PHP mysqli_error() function / mysqli::$error - w3resource[^]

What is the error text it returns?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900