register including post fail

Question

I am trying to build a login system with registration etc. now for the registration i use a form and the method "post". Now it fails in what i think is sending the input trough the post. can you help me fix it? here is the code involved in it:

above !doctype

<?php
include('connect.php');
// If the values are posted, insert them into the database.
if (isset($_POST["username"]) && isset($_POST["password"])){
    $username = $_POST["username"];
    $email = $_POST["email"];
    $password = $_POST["password"];

    $query = "INSERT INTO `user` (username, password, email) VALUES ($username, $password, $email)";
    $result = mysqli_query($query);
    if($result){
        $msg = "User Created Successfully.";
    }
else
  {echo "fail";}
}
?>

the form:

<div class="register-form">
<?php
if(isset($msg) & !empty($msg)){
    echo $msg;
}
?>
<h1>Registreer</h1>
<form action="" method="POST">
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>

<p><label>E-Mail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : </label>
 <input id="password" type="email" name="email" required placeholder="name@email.com" /></p>

 <p><label>Password&nbsp;&nbsp; : </label>
 <input id="password" type="password" name="password" placeholder="password" /></p>

<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Registreer" />
</form>

</div>

The connect.php

<?php
$servername = "localhost";
$username = "sqluser";
$password = "Welkom01!";
$dbname = "users";

$connection = mysqli_connect($servername, $username, $password);
if (!$connection){
die("Database Connection Failed". mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, $dbname);
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
?>

Thanks in advance.

If you're going to change your code as per my answer, you need to mark it as an edit underneath your original code. People will visit my answer and stand at downvoting it because of it. — Funk Forty Niner, Nov 11 '14 at 20:50

score 4 · Accepted Answer · edited May 23 '17 at 12:25

4

As per your originally posted question and without marking it as an edit under your newly edited question, should anyone wonder why the answer.

Since we're more than likely dealing with strings

VALUES ($username, $password, $email)

needs to be wrapped inside quotes:

VALUES ('$username', '$password', '$email')

you also need to pass DB connection to your query $result = mysqli_query($query);

Edit: (you added your DB connection code after) from your original post

Since you've not shown what your DB connection is, this would be something like

$result = mysqli_query($connection,$query);

plus, adding or die(mysqli_error($connection)) to mysqli_query()

You also have a missing & in if(isset($msg) & !empty($msg)){ which should read as if(isset($msg) && !empty($msg)){

However, your present code is open to SQL injection.
Use prepared statements, or PDO with prepared statements, they're much safer.

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Other links:

PBKDF2 For PHP

edited May 23 '17 at 12:25

Community

1
1

answered Nov 11 '14 at 20:26

Funk Forty Niner

74,450
15
68
141

thanks for the quick answer i inserted the connect.php (you helped me with it i believe) in the edit and the quotes in my own html but it is still not working (it is gaining the else out of the first part and no entry in the database). and i will look in to the security. thanks for the tip – de boer Nov 11 '14 at 20:36
my mistake for the second include i copy'd it twice to here it is only once in my page – de boer Nov 11 '14 at 20:38
@deboer You're welcome. I've made an additional edit: You also have a missing `&` in `if(isset($msg) & !empty($msg)){` which should read as `if(isset($msg) && !empty($msg)){` - Add error reporting to the top of your file(s) right after your opening ` – Funk Forty Niner Nov 11 '14 at 20:40
@deboer Another thing, it's irrelevant but you have 2x ` – Funk Forty Niner Nov 11 '14 at 20:46
as it is now its working. i will try type text and change the input id (i didn't know what i was thinking with the id... but thanks for all the patience and help – de boer Nov 11 '14 at 20:52
@deboer You're welcome. I posted a note under your question as well as an edit in my answer. Your edit should always be marked as an additional edit under your original code (if it's what you tried and did not work) and marked as such, otherwise people will visit my answer and say: *"There's nothing wrong with this, why the answer?"* - Please do a rollback to your original in order to avoid confusion. – Funk Forty Niner Nov 11 '14 at 20:53
@deboer Would you mind if I did a rollback to your original question? This one http://stackoverflow.com/revisions/26873836/1 because it will just cause confusion with your edit and my answer. – Funk Forty Niner Nov 11 '14 at 20:57

register including post fail

1 Answers1