I coded in php for a login test but the data is not showing in the database

Question

I have attempted to make a login test using php but the data is not showing inside the database..What's the problem?Following are the lines of code for signup.

`

 include 'databasehandler.php';

  $first=$_POST['first'];
  $last=$_POST['last'];
 $uid=$_POST['uid'];
 $password=$_POST['password'];



    $sql="INSERT INTO profile(first, last, uid, password)  
   VALUES('$first, $last, $uid, $password')";


     $result=mysqli_query($conn,$sql);



        header("Location:main.php");`

`mysqli_query($conn,$sql) or die(mysqli_error($conn).' / '.$sql) ;` will show the error — Pierre Granger, Jul 22 '17 at 09:35
Don't store passwords in plain text!! And use prepared statements with placeholders in the query. — Qirel, Jul 22 '17 at 09:47
Also consider having the ID assigned by the database instead of having the user set it — Qirel, Jul 22 '17 at 09:49
a little tips. You can use `extract($_POST)` to assign your $_POST values to variables using the $_POST name. — j.Doe, Jul 22 '17 at 10:05

score 1 · Answer 1 · answered Jul 22 '17 at 09:38

1

You need to add ' for each field. Also use prepared statment to avoid sql injection

include 'databasehandler.php';

  $first=$_POST['first'];
  $last=$_POST['last'];
 $uid=$_POST['uid'];
 $password=$_POST['password'];



    $sql="INSERT INTO profile(first, last, uid, password)  
   VALUES('$first', '$last', '$uid', '$password')";


     $result=mysqli_query($conn,$sql);



        header("Location:main.php");

answered Jul 22 '17 at 09:38

B. Desai

16,414
5
26
47

thanks a lot now i got it – Dipesh Gyawali Jul 23 '17 at 05:24

score 0 · Answer 2 · answered Jul 22 '17 at 09:35

0

add commas before, after value

 $sql="INSERT INTO profile(first, last, uid, password)VALUES('$first', '$last','$uid','$password')";

answered Jul 22 '17 at 09:35

GYaN

2,327
4
19
39

score 0 · Answer 3 · answered Jul 22 '17 at 09:38

Considering that string values should be enclosed in quotes when inserting them in a database, you should add quotes around $first, $last and perhaps even around $password and $uid, if they are strings too:

 $sql="INSERT INTO profile(first, last, uid, password)  
       VALUES('$first', '$last', '$uid', '$password')";

Pierre Granger · Answer 4 · 2017-07-22T09:53:01.777

0

Not sure of the error, first you need to display mysqli error :

mysqli_query($conn,$sql) or die(mysqli_error($conn).' / '.$sql) ;

Anyway there is problems in your sql syntax. You need to add " to your values and protect datas comming from a form :

$first=mysqli_real_escape_string($conn,$_POST['first']) ;
$last=mysqli_real_escape_string($conn,$_POST['last']) ;
$uid=mysqli_real_escape_string($conn,$_POST['uid']) ;
$password=mysqli_real_escape_string($conn,$_POST['password']) ;
// You should consider to hash your password in DB : 
// $password = hash('sha512',$password) ;
// Look at https://stackoverflow.com/questions/14798275/best-way-to-store-passwords-in-mysql-database

$sql='INSERT INTO profile (`first`, `last`, `uid`, `password`)  
VALUES ("'.$first.'","'.$last.'","'.$uid.'","'.$password.'")' ;

edited Jul 22 '17 at 09:53

answered Jul 22 '17 at 09:40

Pierre Granger

1,993
2
15
21

Passwords shouldn't be escaped - but hashed instead. – Qirel Jul 22 '17 at 09:48
@Qirel Yeah you're right, after resolving the syntax problem : Op, you should take a look at this : https://stackoverflow.com/questions/14798275/best-way-to-store-passwords-in-mysql-database – Pierre Granger Jul 22 '17 at 09:49

I coded in php for a login test but the data is not showing in the database

4 Answers4