0

I am trying to incorporate this code to allow me to register a user after their details are given. All details are to be inserted into the database, and then load the new page, all done using AJAX.

To help keep things in context. All pages are loaded within the #main-content div within index.php. They are all loaded via the same function used that you will see in the click.js portion upon ajax success. Register.php is simply one of the pages that loads within this div.

Currently, the form loads properly, and upon submission, the new page loads as per the ajax function. Nothing however is inserted into the database.

Disclaimer: I have not set this up yet to trim for security purposes. This is a matter of function first prior to setting up to protect against SQL injections.

register.php

<script src="js/click.js"></script>

<form action="click.js" method="post">

   <label for="first_name">First Name:</label>
   <input type="text" id="first_name" name="first_name" /><br>

   <label for="last_name" >Last Name:</label>
   <input type="text" id="last_name" name="last_name" /><br>

   <label for="username">Username:</label>
   <input type="text" id="username" name="username" /><br>

   <label for="password">Password:</label>
   <input type="text" id="password" name="password" /><br>

   <label for="email">Email:</label>
   <input type="email" id="email" name="email" /><br>

   <button type="submit" id="reg-submit" name="submit">Submit</button>

</form>

click.js

$(document).ready(function(){

  $('#reg-submit').click(function() {
     var firstName = $('#first_name').val();
     var lastName = $('#last_name').val();
     var userName = $('#username').val();
     var password = $('#password').val();
     var email = $('#email').val();
     var dataString = 'name1=' + firstName + '&lastname1=' + lastName + '&user1=' + userName + '&password1=' + password + '&email1=' + email;

     if (firstName == "" || lastName == "" || userName == "" || password == "" || email == "") {
         alert('missing some information');
     }  else {
         $.ajax({
           type: "POST",
           url: "usersubmit.php",
           data: dataString,
           cache: false,
           success: function(){
             $('#main-content').load('php/next-page.php').hide().fadeIn('slow');                
          }
        });
      };
   return false;
   });
});

the DB connection takes place within the users_db.php.

usersubmit.php

<?php 

   include 'users_db.php';

   $first1=$_POST['name1'];
   $last1=$_POST['lastname1'];
   $username1=$_POST['user1'];
   $pass1=$_POST['password1'];
   $email01=$_POST['email1']; 

   $userinfo = $conn->prepare("INSERT INTO registered_users (FirstName, LastName, Username, Password, Email) VALUES ('$first1', '$last1', '$username1'', '$pass1', '$email01')");

   $userinfo->execute();


   $conn = null;
?>

Much appreciated!

If you see any other problems I may have here outside of the form simply not submitting, feel free to point them out.

Improve this question
6
  • 2
    why not simply: form.serialize()? Commented May 8, 2016 at 21:48
  • php file ... print_r($_POST); at that top, use firebug or equivalent to see what it shows Commented May 8, 2016 at 21:48
  • Also you have a syntax error in your SQL statement near $username. Commented May 8, 2016 at 21:50
  • Your form should work fine without AJAX, but with a normal post request. That means that you can easily develop and test the form part without JavaScript. Once the PHP processing part works fine, you can incorporate AJAX. That way, you tackle one problem at the time. Commented May 8, 2016 at 21:55
  • 1
    There's no point using prepared statements if you're constructing your query directory from user input. Use bindParam, bindValue or pass an array of values to the execute method! Commented May 8, 2016 at 21:55

1 Answer 1

Reset to default
2

The answer is that is not how you prepare statements :) 

<?php 

   include 'users_db.php';

   $first1=$_POST['name1'];
   $last1=$_POST['lastname1'];
   $username1=$_POST['user1'];
   $pass1=$_POST['password1'];
   $email01=$_POST['email1']; 

   $userinfo = $conn->prepare("INSERT INTO registered_users (FirstName, LastName, Username, Password, Email) VALUES (?, ?, ?, ?, ?)");
   $userinfo->bind_param("sssss",$first1,$last1,$username1,$pass1,$email01);

   $userinfo->execute();

    // you shoud close the prep statement object
   $userinfo->close();
   //this is the way to kill the conn
   $conn->close();
?>

This is assuming your connection to database works :)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.