Link to home
Start Free TrialLog in
Avatar of Jazzy 1012
Jazzy 1012

asked on

Adding through query php

<?php

require "connection.php";


if ($_POST['username'] != ""  && $_POST['email'] != "" && $_POST['password'] !="")
{
	$username = $_POST['username'];
	$email = $_POST['email'];
	$password = $_POST['password'];

	$query = "INSERT INTO users-info (username,,email,password) VALUES ('$firstname','$email','$password')";
	$data = mysqli_query($conn,$query)or die(mysqli_error($conn));
	  

}	

?>

Open in new window


It won't add, it there any problem? I cant see any errors

This is my form before:

<!DOCTYPE HTML>  
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>  

<?php
// define variables and set to empty values
$nameErr = $emailErr  ="";
$username = $email  = $password  = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (empty($_POST["name"])) {
    $nameErr = "Name is required";
  } else {
    $username = test_input($_POST["name"]);
    // check if name only contains letters and whitespace
    if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
      $nameErr = "Only letters and white space allowed"; 
    }
  }
  
  if (empty($_POST["email"])) {
    $emailErr = "Email is required";
  } else {
    $email = test_input($_POST["email"]);
    // check if e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
      $emailErr = "Invalid email format"; 
    }
  }
    
  if (empty($_POST["password"])) {
    $password = "";
  } else {
    $password = test_input($_POST["password"]);
  }
}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
?>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?> signup.php">  
  Name: <input type="text" name="username" value="<?php echo $username;?>">
  <span class="error">* <?php echo $nameErr;?></span>
  <br><br>
  E-mail: <input type="text" name="email" value="<?php echo $email;?>">
  <span class="error">* <?php echo $emailErr;?></span>
  <br><br>
 Password: <input type="password" name= "password" value="<?php echo $password;?>">
  <br><br>
  <input type="submit" name="submit" value="Submit">  
</form>
</body>
</html>

Open in new window

Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image
What happens with this
<?php
require "connection.php";

$username = !empty($_POST['username']) ? $_POST['username'] : false;
$email    = !empty($_POST['email']) ? $_POST['email'] : false;
$password = !empty($_POST['password']) ? $_POST['password'] : false;


if ($username && $email && $password)  {
  $query = "INSERT INTO users-info (username,,email,password) VALUES ('$firstname','$email','$password')";
  $data = mysqli_query($conn,$query);
  if (!$data) {
    echo "Query [{$query}] failed with error: " . mysqli_error($conn);
  }
}
else {
  echo "DEBUG<pre>" . print_r($_POST, true) . "</pre>";
}
?>

Open in new window

Avatar of Jazzy 1012
Jazzy 1012

ASKER

Nothing it says error in my previous code because the preg_match won't come out, also because the form has more than one action
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image
Why have you got two actions? Forms can only have one action.
Avatar of Jazzy 1012
Jazzy 1012

ASKER

Because I want the preg_match to show if what they write anything invalid
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image
Because I want the preg_match to show if what they write anything invalid

Open in new window

You have to do that by designing your code differently - you can't have two destinations for the form.

There were many problems with your code - variable names that did not tie up, double comma in the field list of the insert multiple actions to name a few.

Here is a rework of the code
HTML.
This takes the logic for error checking and inserting into the database and combines them into a second script. This script will set the state for the form for both situations where a POST is done and first time access.
Conditionals are used in the form to show messages - which are stored in an array indexed on field name.
<?php
require_once('t1928_signup.php');
?>
<!DOCTYPE HTML>  
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>  
<p style="display: <?php echo empty($error) ? 'none' : 'block';?>"><span class="error">* required field.</span></p>
<form method="post">  
  Name: <input type="text" name="username" value="<?php echo $username;?>">
  <span class="error">* <?php echo isset($error['username']) ? $error['username'] : ''?></span>
  <br><br>
  E-mail: <input type="text" name="email" value="<?php echo $email;?>">
  <span class="error">* <?php echo isset($error['email']) ? $error['email'] : ''?></span>
  <br><br>
  <!-- We don't repopulate the password field -->
 Password: <input type="password" name= "password" value="">
  <br><br>
  <input type="submit" name="submit" value="Submit">  
</form>
</body>
</html>

Open in new window


Signup code
<?php
// Initialise form variables and error array
$username = '';
$email = '';
$error = array ();

// Check if we were sent anything
if ($_POST) {
  // Extract post variables such that we have a truthy / falsy value for each
  $username = isset($_POST['username']) ? trim($_POST['username']) : false;
  $email    = isset($_POST['email']) ? trim($_POST['email']) : false;
  $password = isset($_POST['password']) ? trim($_POST['password']) : false;
  
  // Check for valid username and set error if not there
  if (!preg_match('/^[A-Za-z ]+$/', $username)) {
    $error['username'] =  'Only letters and white space allowed';
  }
  
  // Check for valid email and set error if not present
  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $error['email'] =  'Invalid email format';
  }
  
  // only insert if there are no errors
  if (empty($error))  {
    $query = "INSERT INTO `users-info` (`username`,`email`,`password`) VALUES ('{$username}','{$email}','{$password}')";
    $data = mysqli_query($conn,$query);
    // If we were successful then load our confirmation page
    if ($data) {
      header('signupsuccess.php');
    }
    else {
      // handle database error here
    }
  }
}

Open in new window


Signupsuccess can be any page where you display the welcome message after a successful signup.
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
The INSERT query string has too many comas.
Avatar of Jazzy 1012
Jazzy 1012

ASKER

Okay can the signup code I name it : t1928_signup.php?
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
Sorry, "comas" == "commas" and you can name a script anything you want, subject to certain common-sense rules of HTML.

Also, you may want to rethink this statement:

if (!preg_match("/^[a-zA-Z ]*$/",$username)) {

Your regular expression will reject hyphenated names and names like O'Rourke, as well as any accented characters, which leaves out lots of European names.  And any UTF-8 characters outside the scope of ASCII, including all Chinese names.  In other words, there are going to be a plethora of false errors caused by the regex.  I would just omit it entirely.  It's not the programmers' job to tell people what letters their name may or may not contain.

When you run a query, the MySQL engine will know whether the query worked or not.  You can find the ways to discern success or failure, and display the error messages in this article.
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

The code samples in the article show how to test for success or failure and visualize the error messages, if any failures occur.
ASKER CERTIFIED SOLUTION
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial