-12

My university left a task to create a login system with PHP (obviously, connected to a database). The problem is that my registration page does not save any data sent to the database. I don't know why this is.

Here is my code:

<html>
<head>
<link type="text/css" rel="StyleSheet" href="UniXYZ.css"/>
<meta charset="UTF-8"/>
<title>Registro</title>
</head>
<body>
<?php
session_start();
$host="****";
$username="****"; 
$password="****"; 
$db_name="****"; 
$tbl_name="****"; 
mysqli_connect($host,$username,$password,$db_name)or die("cannot connect");
$email=$_POST['email'];
$password=$_POST['password'];
if (filter_var($email, FILTER_VALIDATE_EMAIL)){
$sql="select 'Email' from 'USER' where 'Email'='$email'";
$result=mysqli_query($sql);
$count=mysqli_num_rows($result);
if($count>0){
echo ("<center><h1><font color='red'>El usuario<br><font color='blue'>".$email."<br><font color='red'>ya existe!<br><a href='index.php'>Inicio</a>");
}else{
$sql="INSERT INTO $tbl_name ('Email','PASS')VALUES('$email','$password')";
$result=mysqli_query($sql);
if($result){
header("location:InicioXYZ.php");
}else{
echo "ERROR MySql";
} 
mysqli_close();
}
}else{
echo"<center><h1><font color='red'>Error el mail ingresado no es v&aacute;lido<br><a href='index.php'>Inicio</a>";
}
?>
<img width="1300px" src="http://i.imgur.com/iOfMyLK.png"/>
<hr width="80%"/>
<div class="login">
<h3 class="h3">Datos Procesados</h3>
<div class="imglog"><img src="http://i.imgur.com/YcUAZHH.png"/></div><br><br><br><br>
<h4><a href="InicioXYZ.php" class="registrate">Pulsa aquí para regresar a la pagina de inicio.</a></h4>
</div>
</body>
</html>
Peter O.
Dan
  • What have you done to debug this? – Shawn Jul 08 '15 at 04:36
  • You should add a login form in this code @daniel – Dhinju Divakaran Jul 08 '15 at 04:38
  • One issue - mysql table and column names should not be wrapped in single quotes. - `select 'Email' from 'USER' where 'Email'='$email'` && `INSERT INTO $tbl_name ('Email','PASS')VALUES('$email','$password')` should be `select Email from USER where Email='$email'` && `INSERT INTO $tbl_name (Email,PASS) VALUES ('$email','$password')`. – Sean Jul 08 '15 at 04:38
  • Well, I have written the code in the page of my server (bytehost...) and probe in my browser refreshing the page multiple times. – Dan Jul 08 '15 at 04:41
  • So many things... You're overwriting the database password with the password supplied by the user; your queries should use back-ticks instead of single quotes around table and column names; you're open to SQL injection; you shouldn't store passwords in plain text...and so much more. –  Jul 08 '15 at 04:49

1 Answer

2

Errors

  1. mysqli_connect() should be assigned to a variable

    $connect = mysqli_connect($host,$username,$db_password,$db_name)or die("cannot connect");

  2. As @sean suggests, change the query

     $sql="select Email from USER where Email='$email'";
     $sql="INSERT INTO $tbl_name (Email, PASS) VALUES ('$email','$password')";
    
  3. $result=mysqli_query($sql); should be linked with the database connection ($connect)

     $result=mysqli_query($connect,$sql);
    
  4. $password is assigned twice in your code

    $password="****";//change this
    $sql="INSERT INTO $tbl_name (Email,PASS) VALUES ('$email','$password')";
    

Read this

  1. mysqli_query
  2. mysql_connect

So the final well-formed code is

<?php
    session_start();
    $host="****";
    $username="****";
    $db_password="****";
    $db_name="****";
    $tbl_name="****";
    $connect = mysqli_connect($host,$username,$db_password,$db_name)or die("cannot connect");

    $email=$_POST['email'];
    $password=$_POST['password'];
    if (filter_var($email, FILTER_VALIDATE_EMAIL)){
        $sql="select Email from USER where Email='$email'";
        $result = mysqli_query($connect,$sql);
        $count=mysqli_num_rows($result);
        if($count>0)
        {
            echo ("<center><h1><font color='red'>El usuario<br><font color='blue'>".$email."<br><font color='red'>ya existe!<br><a href='index.php'>Inicio</a>");
        }else
        {
            $sql="INSERT INTO $tbl_name (Email,PASS) VALUES ('$email','$password')";
            $result=mysqli_query($connect,$sql);
            if($result){
                header("location:InicioXYZ.php");
            }else{
                echo "ERROR MySql";
            }
            mysqli_close($connect);
        }
    }else
    {
        echo"<center><h1><font color='red'>Error el mail ingresado no es v&aacute;lido<br><a href='index.php'>Inicio</a>";
    }
?>

And be aware of SQL Injection

Community
Abdulla Nilam
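The SQL injection and plain-text password issues raised in the comments and at the end of the answer, addressed in one registration handler. This is an added example, not code from the question or the answer; it assumes the `USER` table with `Email` and `PASS` columns shown on the page, that `PASS` is wide enough for a hash (for example `VARCHAR(255)`), and the variable names are illustrative.

```php
<?php
// Added example, not the original poster's or the answerer's code.
// Assumes table USER(Email, PASS) as on the page, with PASS wide enough
// to hold a password_hash() value. Credentials are placeholders.
session_start();
// Throw exceptions on database errors so a failed query is never ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$dbHost = '****';
$dbUser = '****';
$dbPassword = '****'; // kept separate from the password the user submits
$dbName = '****';

$email = $_POST['email'] ?? '';
$plainPassword = $_POST['password'] ?? '';
if (!is_string($email) || !is_string($plainPassword)
    || filter_var($email, FILTER_VALIDATE_EMAIL) === false
    || $plainPassword === '') {
    http_response_code(400);
    exit('Invalid e-mail address or empty password.');
}

try {
    $connect = mysqli_connect($dbHost, $dbUser, $dbPassword, $dbName);
    mysqli_set_charset($connect, 'utf8mb4');
    // Bound parameters: the e-mail never becomes part of the SQL text. This
    // matters because FILTER_VALIDATE_EMAIL accepts addresses containing '.
    $stmt = mysqli_prepare($connect, 'SELECT 1 FROM `USER` WHERE Email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) > 0) {
        // Escape on output: a valid address may still contain & or '.
        exit('User ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ' already exists.');
    }
    mysqli_stmt_close($stmt);
    // Store a salted hash, never the password itself.
    $hash = password_hash($plainPassword, PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($connect, 'INSERT INTO `USER` (Email, PASS) VALUES (?, ?)');
    mysqli_stmt_bind_param($stmt, 'ss', $email, $hash);
    mysqli_stmt_execute($stmt);
    mysqli_close($connect);
    header('Location: InicioXYZ.php'); // sent before any output
    exit;
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not the browser
    http_response_code(500);
    exit('Registration failed.');
}
```

The matching login page would fetch the stored `PASS` value with a bound query and compare it using `password_verify()`.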