0

I am trying to insert form data into mysql database but it is not inserted into table and there is no error!

Here is my code

<?php
$con = mysqli_connect('localhost', 'root', '', 'register');

if (isset($_POST['submit'])) {
  $shop = $_POST['shopname'];
  $name = $_POST['name'];
  $user = $_POST['username'];
  $email = $_POST['email'];
  $password = $_POST['password'];
  $repassword = $_POST['repassword'];
  $phone = $_POST['phone'];
  $sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES  ('$shop','$name''$user','$email','$password','$repassword','$phone')";
  if (mysqli_query($con, $sql)) {
    echo "Signup Sucessfull";
  } else {
    echo mysqli_error();
  }
}
?>

How can I resolve this problem?

Improve this question
2
  • So, "Signup Sucessfull" message coming? Commented Aug 25, 2016 at 9:24
  • 4
    An aside from your issue, but it does not make sense to store password and repeated password in the database. Compare in your PHP, fail if they don't match, and only store it once if they match. Also, don't store password in plain text, hash them using the password API, and use prepared statements to remove your current risk of SQL injection. Commented Aug 25, 2016 at 9:25

5 Answers 5

Reset to default
2

Turns out you forgot to mention a comma after the name.

'$name''$user'   // Missing comma in between

Also, it should be mysqli_error($con) instead of mysqli_error()

Try some debugging:

$sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES  ('".$shop."','".$name."', '".$user."','".$email."','".$password."','".$repassword."','".$phone."')";

mysqli_query($con, $sql) or die(mysqli_error($con));
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i put comma between both variables but it didn't solve my problem its still running without any error but not saved to database
0

You seems to miss "," between the insert values. This code will work fine.

<?php
$con = mysqli_connect('localhost', 'root', '', 'register');

if (isset($_POST['submit'])) {
  $shop = $_POST['shopname'];
  $name = $_POST['name'];
  $user = $_POST['username'];
  $email = $_POST['email'];
  $password = $_POST['password'];
  $repassword = $_POST['repassword'];
  $phone = $_POST['phone'];
  $sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES  ('".$shop."','".$name."','".$user."','".$email."','".$password."','".$repassword."','".$phone."')";
  if (mysqli_query($con, $sql)) {
    echo "Signup Sucessfull";
  } else {
    die(mysqli_error($con));
  }
}
?>
Improve this answer

Comments

0

Yes, As already @ObjectManipulator pointed your silly mistake near '$name''$user'.

I will strongly recommend you to use mysqli_prepare to avoid SQL Injection.

<?php
$con = mysqli_connect('localhost', 'root', '', 'register');
if (isset($_POST['submit'])) {

  $stmt = mysqli_prepare($con, "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES (?, ?, ?, ?,?, ?, ?)");
  mysqli_stmt_bind_param($stmt, 'sssssss',$_POST['shopname'],$_POST['name'],$_POST['username'],$_POST['email'],$_POST['password'],$_POST['repassword'],$_POST['phone']);

  if (mysqli_stmt_execute($stmt)) {
    echo "Signup Sucessfull";
  } else {
    echo mysqli_error($con);
  }
}
?>

And, as @JonStirling suggested not to store password in plain text and use any Password API to encrypt password.

There are many ways to encrypt your password. Use anyone of them. Right now, I illustrated with md5().

And, Why to store password and repassword in database table. While storing user data into database table, check there itself if password & repassword matches or not.

Just a suggestion. It's upto you to choose.

<?php
$con = mysqli_connect('localhost', 'root', '', 'register');
if (isset($_POST['submit'])) {

  if(isset($_POST['password']) && isset($_POST['repassword']) && ($_POST['password'] == $_POST['repassword'])){
    $stmt = mysqli_prepare($con, "INSERT INTO registration (shop_name,name,username,email,password,phone) VALUES (?, ?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'ssssss',$_POST['shopname'],$_POST['name'],$_POST['username'],$_POST['email'],md5($_POST['password']),$_POST['phone']);

    if (mysqli_stmt_execute($stmt)) {
      echo "Signup Sucessfull";
    } else {
      echo mysqli_error();
    }
  } else {
    echo "Password must match.";
  }
}
?>
Improve this answer

3 Comments

md5 is not recommended for password encryption. This hash has been repeatedly compromised and is too fast. Use instead PHP password_hash
i am new in php i just want to store data into database and yes i will store encrypted password instead of plain text
After using this code also not inserted into database @Ashutosh?
0 
else {
    echo mysqli_error($con);
  }

Problem solved. You forgot the connection details $con for your MySQL error output. This will now correctly output your MySQL Syntax mistakes from your query.

Other Notes:

  • Use Prepared statements for MySQLi (link)
  • Use a proper Password hashing algorithm such as Password_hash. Do not use MD5 (it's too fast and has too many collisions) and NEVER store passwords as plaintext.
  • Use the various filter_Var on your POSTed variables to clean them and make sure you catch any invalid data (such as improper email addresses)
Improve this answer

Comments

0

Put comma in your sql query as below

 $sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone)VALUES  
('$shop','$name','$user','$email','$password','$repassword','$phone')";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.