What makes the following codes unable to send data to mysql server?

Question

1.00/5 (1 vote)

See more:

Here are the codes I am using with

<form action="code.php" method="POST"></form>

These are my codes in code.php.

PHP

<?php
session_start();

$connection = mysqli_connect("localhost","root","","adminpanel");

if(isset($_POST['register_btn']))
{
    $fullname = $_POST['fname'];
    $office = $_POST['office'];
    $school = $_POST['school'];
    $email = $_POST['email'];
    $username = $_POST['uname'];
    $password = $_POST['pword'];
    $cpassword = $_POST['cpword'];
    //$image = $_POST['photo'];
 
    if($password === $cpassword) {


    $query = "INSERT INTO register (fname, office, school, email, uname, pword) VALUES ('$fullname', '$office', '$school', '$email', '$username')";
    $query_run = mysqli_query($connection, $query);

            if($query_run) {
                $_SESSION ['success'] = "New Site Admin added";
                header ('Location: register.php');
            }
            else {
                $_SESSION ['status'] = "New Admin entry NOT succesful";
                header ('Location: register.php');
            }
    }
    else {
        $_SESSION ['status'] = "Password and Confirm Password Do Not Match";
        header ('Location: register.php');
        }

}
?>

What I have tried:

I have entered all needed data correctly and carefully but it always returned

New Admin entry NOT succesful

Please help me with this. Thanks all.

Posted 9-Aug-20 1:24am

JeffLiteral

Updated 9-Aug-20 3:09am

Add a Solution

3 solutions

Solution 1

We don't know - and until you find out what the error reported is, nobody will.
So use PHP mysqli_error() function / mysqli::$error - w3resource[^] to find out what MySql is complaining about, and go from there.

But ... it's probably that you should not do it like that at all. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'

The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'

Which SQL sees as three separate commands:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';

A perfectly valid SELECT

SQL

DROP TABLE MyTable;

A perfectly valid "delete the table" command

SQL

--'

And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Posted 9-Aug-20 1:46am

OriginalGriff

Comments

JeffLiteral 9-Aug-20 8:59am

That means...?

$query = "INSERT INTO 'register'

with single quote ''.

Sorry...

Solution 3

It seems that you're missing one value. You're inserting into 6 columns but provide only 5 values

Have a look at this mapping

 $query = "INSERT INTO register (fname, office, school, email, uname, pword) VALUES ('$fullname', '$office', '$school', '$email', '$username')";

- fname  <= $fullname
- office <= $office
- school <= $school
- email  <= $email
- uname  <= $username
- pword  <= ?????

But before just providing the for pword, do change the code to use bind variables as explained in the first solution

Also note! If the pword field is for password as the name suggest, never ever store passwords as text in the database. To do it correctly, have a look at Password Storage: How to do it.[^]

Posted 9-Aug-20 3:09am

Wendelius

Updated 9-Aug-20 3:12am

v2

Comments

JeffLiteral 9-Aug-20 9:50am

I have done some things as you have suggested.

    $fullname = $_POST['fname'];
    $office = $_POST['office'];
    $school = $_POST['school'];
    $email = $_POST['email'];
    $username = $_POST['uname'];
    $password = md5($_POST['pword']);
    $cpassword = $_POST['cpword'];

$query = "INSERT INTO 'register' (fname, office, school, email, uname, pword) VALUES ('$fullname', '$office', '$school', '$email', '$username', '$password')";

but right now, it returns a result:

$_SESSION ['status'] = "Password and Confirm Password Do Not Match";
        header ('Location: register.php');

Wendelius 9-Aug-20 10:00am

When checking if the passwords match, don't hash them yet, use the input from the user as-is.

But after the check is complete, do not store the password as plain text in the database. Instead, hash it just like explained in the article I referenced.

Wendelius 9-Aug-20 10:03am

Also note that it's not a good idea to use MD5 for hashing. For more details, see PHP: Password Hashing - Manual[^]

JeffLiteral 9-Aug-20 10:20am

I did took out the md5 hashing. But right now, it turns to another status which is

$_SESSION ['status'] = "New Admin entry NOT successful";

How could this be very difficult for me? :( But I am very thankful for the your patience and willingness to help.

What else did I do wrong to cause this errors?

Wendelius 9-Aug-20 10:44am

To find out the actual error returned by the database, use PHP mysqli_error() function / mysqli::$error - w3resource[^]

What is the error text it returns?

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Accepted Answer · 2020-08-09T02:57:00

you need to learn to debug your code.
the message

<pre lang="text">

New Admin entry NOT succesful
comes from your code

PHP

$_SESSION ['status'] = "New Admin entry NOT succesful";

which means that something is unexpected in

PHP

$query_run = mysqli_query($connection, $query);
if($query_run) {

only you can discover the reason.

Your code do not behave the way you expect, or you don't understand why !

There is an almost universal solution: Run your code on debugger step by step, inspect variables.
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't know what your code is supposed to do, it don't find bugs, it just help you to by showing you what is going on. When the code don't do what is expected, you are close to a bug.
To see what your code is doing: Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute.

Debugger - Wikipedia, the free encyclopedia[^]

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]

phpdbg | php debugger[^]
Debugging techniques for PHP programmers[^]

The debugger is here to only show you what your code is doing and your task is to compare with what it should do.