1

I have a user input form(HTML) that is supposed to take the information and insert it into a MySQL database via PHP. The PHP apparently executes and echoes "Your registration has completed successfully". A record is created in the database but the columns are blank(I have removed my server, database, and password from the PHP code).

HTML:

<!DOCTYPE html>


<head>

<link rel="stylesheet" type="text/css" href="css/styles.css">
<title>User Portal</title>

</head>

    <div class="inputContainer">

        <header>
            User Information Portal
        </header>

            <form action="php/userPost.php" method="post">

                <label for=firstName">First Name</label>
                <input type="text" id=firstName" name="fname">

                <br><br>

                <label for="lastName">Last Name</label>
                <input type="text" id="lastName" name="lname">

                <br><br>

                <label for="eMail">Email</label>
                <input type="text" id="eMail" name="email">

                <br><br>

                <label class="labelRole" for="userRole">Role -</label><br>
                <input type="radio" id="userRole" name="role" value="Instructor"> Instructor

                <input class="submitButton" type="submit" name="submit" value="Register">

            </form>

    </div>
    </body>

PHP:

<?php

$sname = "server-name";
$uname = "username";
$pword = "password";
$dbname = "web_tech_test";
$conn = new mysqli($sname, $uname, $pword, $dbname);



if ($conn->connect_error) {
    die("Connection failure: " . $conn->connect_error);
}

$fname = !empty($_POST['firstName']);
$lname = !empty($_POST['lastName']);
$email = !empty($_POST['eMail']);
$role = isset($_POST['userRole']);


$sql = "INSERT INTO users (first_name, last_name, email, role)
VALUES ('$fname', '$lname', '$email', '$role')";

if ($conn->query($sql) === TRUE) {
    echo "Your registration has completed successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

?>

This creates a new record in the DB but all the columns are blank. Any ideas why this may be happening?

Improve this question
1
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string interpolation or concatenation to accomplish this because you have created a severe SQL injection bug. NEVER put $_POST or $_GET data directly into a query, it can be very harmful if someone seeks to exploit your mistake. Commented Sep 5, 2016 at 21:05

2 Answers 2

Reset to default
3 
$fname = !empty($_POST['firstName']);
$lname = !empty($_POST['lastName']);
$email = !empty($_POST['eMail']);
$role = isset($_POST['userRole']);

this code returns a boolean, not a string value...

Use !empty() just for validation

example

if(empty($_POST['eMail'])) {
     die("Email cannot be empty");
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

That's an important observation, but not a solution.
He just want a ideia about the why, but i edit my post
I think you mean if (empty(...)) because right now it's complaining about the opposite thing.
1

You're confusing the id and the name tags on the inputs. The name tags are the ones which will be submitted as keys to your server.

Try this in your server php script after submitting your form to see which key/values are actually received by the server:

var_dump($_POST);

Also, if you want to check that all fields have been filled out, use something similar as this:

if (empty($_POST['firstName'])) {
    die("firstname is empty!");
}

In your current example you're actually saving a boolean to your variables.

And, last but not least, never insert variables from a potentially unsafe source (like a user input) directly into your SQL. Use pdo: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers for this

Full code example to get you started:

//prepare your values
if (empty($_POST['fname']) || empty($_POST['lname']|| empty($_POST['email']|| !isset($_POST['role'])) {
    die ("some values were empty or not set");
}

//prepare your database
$db = new PDO('mysql:host=server-name;dbname=web_tech_test;charset=utf8mb4', 'username', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //throw an exception if there is an error

//create your query
$stmt = $db->prepare("INSERT INTO users (first_name, last_name, email, role) VALUES (:first_name,:last_name,:email,:role)"); //create a query statement
$stmt->bindValue(":first_name", $firstName); //put your values into your statement
$stmt->bindValue(":last_name", $lastName);
$stmt->bindValue(":email", $email);
$stmt->bindValue(":role", $role);

if ($stmt->execute()) { //execute the query
    echo "Your registration has completed successfully";
} else {
    echo "Error :(";
}
Improve this answer

8 Comments

I tried using the name=" " from the HTML which is now $fname = !empty($_POST['fname']); and so on in my PHP but it has the same results.
can I remove the !empty() and isset() altogether?
No, I would still check if the user input is correct, let me make a complete code example
the results of var_dump($_POST) was "array(0) { }"
I followed your suggestions and I got it to work! Thank you very much for all of your help. I had to change the $_POST to $_GET for some reason. I know it is not ideal but for now it is good.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.