0

This one has had me stumped for a couple of days. I have a basic PHP script to submit a user registration form. I just can't see what I am doing wrong in this instance. The web server is running PHP 7.0 and there are no errors in the logs.

<?php
require_once('connect.php');
if(isset($_POST) && !empty($_POST)){
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $password =md5($_POST['password']);

    $sql = "INSERT INTO 'login' (username, email, password) VALUES ('$username', '$email', '$password')";
    $result = mysqli_query($connection, $sql);
    if($result){
        echo "User Rego Secusseflllgk";
    }else{
        echo "User rego faile";
    }
}
?>

I saw a couple of these already, but they seemed to be to do with using both mysql and mysqli, and others appeared to not be the first connection to the DB. Any help would be much appreciated. I am receiving the User Rego Failed echo.

  • `if(mysqli_query($connection, $sql)){ echo "User Rego Secusseflllgk"; }else{ echo "query error".mysqli_error($connection); }` Also remove `'` around `login`. Use back-ticks there – Anant Kumar Singh Dec 06 '16 at 10:18
  • **1.** You shouldn't use `md5`, look into usage of `password_hash()` instead. **2.** You're already using MySQLi, learn how to use *prepared statements*. – Qirel Dec 06 '16 at 10:19
  • Also, your code is vulnerable to SQL injection. Use a prepared statement instead. – Thoaren Dec 06 '16 at 10:21
  • Thanks Qirel, definitely won't go into production running md5 but thanks for the heads up – Zach Newton Dec 06 '16 at 10:22
  • Thanks Thoaren, implemented and working :) – Zach Newton Dec 06 '16 at 10:35

2 Answers

1

You probably want to use the backtick ` instead of a single quote ' to wrap your table name.

INSERT INTO `login`

When a query fails, it's useful to print the error message. You can do it with mysqli_error:

echo mysqli_error($connection);
Federkun
0

Use the table name without single quotes and try to check the mysqli error with mysqli_error($connection) just after $result.

Arnab
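The suggestions from the comments (a prepared statement and `password_hash()`) combined with the answers' back-tick and error-reporting advice, as an added example that is not part of the original thread. It assumes `connect.php` provides `$connection` as in the question and that the `password` column can hold a hash (e.g. `VARCHAR(255)`); `register_user` is a hypothetical helper name.

```php
<?php
// Added example, not from the original post. Assumes connect.php defines
// $connection (a mysqli handle) as in the question, and that the `login`
// table's password column is wide enough for a hash (e.g. VARCHAR(255)).
require_once('connect.php');

// Make mysqli throw exceptions instead of failing silently, so a bad
// query (such as a quoted table name) is reported rather than hidden.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $connection, string $username, string $email, string $password): bool
{
    // password_hash() salts and uses a slow algorithm; md5() does neither.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Back-ticks quote the identifier; ? placeholders keep user input
    // out of the SQL text, so no manual escaping is needed.
    $stmt = $connection->prepare(
        'INSERT INTO `login` (username, email, password) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $username, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $email    = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($username === '' || $password === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo 'Please fill in a username, a valid email and a password.';
    } else {
        try {
            register_user($connection, $username, $email, $password);
            echo 'User registration successful';
        } catch (mysqli_sql_exception $e) {
            // Log the detail server-side; don't echo database errors to users.
            error_log('Registration failed: ' . $e->getMessage());
            echo 'User registration failed';
        }
    }
}
```

At login, compare the submitted password against the stored hash with `password_verify()` rather than hashing and comparing strings.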