Need help in executing this sql query in php

Question

I have written some code in a php file to create a DB connection and then to receive the POST parameters and insert them in a table. This is not happening. Pleae help.

<?php
   $con=mysqli_connect("localhost","root","","test");

   if (mysqli_connect_errno($con)) {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
   }
   $username = $_POST['username'];
   $tag = $_POST['tag'];
   $id = $_POST['id'];   
   $password = $_POST['password'];
   $result = mysqli_query($con,"INSERT INTO table3 (username,tag,u_id,u_pass) VALUES ('$username','$tag','$id','$password')");
   mysqli_close($con);
?>

Here is the HTML form:

<!DOCTYPE html>
<html>
    <head></head>
    <body>
        <form method="post" action="registerSession.php">
            <input type="hidden" name="username" value="admin">
            <input type="hidden" name="tag" value="yahoo">
        <input type="hidden" name="id" value="admin@yahoo.com">
            <input type="hidden" name="password" value="admin">
            <input type="submit" value="click me">
        </form>
    </body>
</html>

Please learn to use [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php), else you'll be vulnerable to [SQL Injection Attacks](https://en.wikipedia.org/wiki/SQL_injection) — KhorneHoly, Jan 02 '17 at 14:22
Storing PLAIN TEXT password is a dangerous idea. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) — RiggsFolly, Jan 02 '17 at 14:23
Also remember `type="hidden"` is only hidden on the html page. It is not hidden from prying eyes. — RiggsFolly, Jan 02 '17 at 14:26
@UsmanRana when i press the click me button it is displaying the php code in the browser — Nitin Mamidala, Jan 02 '17 at 14:31
It might help to use `$query = "INSERT INTO table3 (username,tag,u_id,u_pass) VALUES ('$username','$tag','$id','$password')"; $result = mysqli_query($con,$query) or die(mysqli_error($con));` — Strawberry, Jan 02 '17 at 14:37
You should open the html form through the web server for the PHP code to execute. Are you opening the html form directly using right click? — birraa, Jan 02 '17 at 14:39
Describe *"This is not happening"* - For us. How is this executed, as `http://localhost`, or as `file:///`? Check for errors via error reporting and on the query. I can't see this failing otherwise, or if a character is involved that mysql may complain about. — Funk Forty Niner, Jan 02 '17 at 14:48
[*"it is displaying the php code in the browser"*](http://stackoverflow.com/questions/41428542/need-help-in-executing-this-sql-query-in-php#comment70062880_41428542) - That comment is what closed the question, [which I suspected](http://stackoverflow.com/questions/41428542/need-help-in-executing-this-sql-query-in-php#comment70063381_41428542) your using `file:///` instead of `http://localhost` and having a webserver/php/mysql installed. Edit: Not bad huh? @RiggsFolly Happy New Year buddy ;-) — Funk Forty Niner, Jan 02 '17 at 14:48
Maybe a stupid question but do you have php installed on the machine? — Michael, Jan 02 '17 at 14:48
@Fred-ii- The thing is I am using this PHP code to serve my android app. It's working fine with the html form now when I run it from localhost, but it is not working with my android app. So maybe there is some error in my Android code. — Nitin Mamidala, Jan 02 '17 at 15:13

Need help in executing this sql query in php

0 Answers0