
So I'm making a signup form and it's going very good. I don't want to the code, so I'm gonna give an example.

<form action="register.php" name="signup_form">

<input type="text" name="username" method='POST'/>
<input type="password" name="password" method='POST'/>

</form>

Here is the register.php script

$accounts = mysql_connect("localhost", "root", "") or die (mysql_error());

mysql_select_db("register", $accounts);

$sql = " INSERT INTO users (username, password) Values (????)

 mysql_query($sql, $accounts)

How do I, where the question marks are, post data to the database from the form instead of personally entering names? I was thinking of something like $_Post['Username'] but I don't know. Please help me.


put on hold as off-topic by deceze, HamZa, andrewsi, Luc M, gustavohenke Dec 4 at 1:46

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • "Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist" – deceze, HamZa, Luc M, gustavohenke
If this question can be reworded to fit the rules in the help center, please edit the question.

6 Answers

I think if this is what your code looks like, then you will not get data using $_POST, as by default the submission method is GET.

To get data in $_POST you have to define the method attribute of the form tag, like:

<form action="register.php" name="signup_form" method="post">

After that you can use a simple insert statement like:

$sql = 'INSERT INTO users(username, password) VALUES ("'.$_POST["username"].'","'.$_POST["password"].'")';

Hope this will help you.

$sql = " INSERT INTO users (username, password) Values (".$_POST['username'].",".$_POST['password'].")";

Change the line of code with this. It should be working, but it's the most unsafe piece of code I ever saw in my life. You should really sanitize your inputs.

EDIT: oh and put method="post" in the form fields not in the input.

2  
Look at stackoverflow.com/questions/60174/… to see on how to prevent SQL injection –  user1781290 Dec 3 at 10:00

First off, never, ever, ever use the PHP mysql_ functions. They are deprecated and should be replaced with mysqli_. (See documentation: here).

As for your $SQL statement, the following will do what you want, but I urge you to look into prepared statements and sanitise your input. Your current code is insanely dangerous and open to all kinds of issues.

$sql = "INSERT INTO `users` (username, password) VALUES ('" . $_POST['username'] . "', '" . $_POST['password'] . "');";

Once again, PLEASE look into prepared statements and input sanitisation.

 
Also - as CosLu stated - method='post' should be in the form tag, not the fields. –  Xarus Dec 3 at 10:03
 
Okay - so the best piece of advice I can give you with this, is to read the documentation on php.net for any functions you use. Also, as a helpful bonus, check out [this](hackthissite.org) in order to get a basic grasp of security within web applications. Good luck! –  Xarus Dec 3 at 10:08

IMPORTANT

Putting some text written by a user into the db without sanitizing it is very dangerous. It's an easy way for hackers to attack your website. To be more precise, you can suffer SQL INJECTION.

HOW TO SOLVE YOUR PROBLEM?

The solution offered by @CosLu suffers SQL injection. In fact, you are putting data directly into your query, without sanitizing them.

/* DANGEROUS!!!!!!!!!! */
$sql = " INSERT INTO users (username, password) Values (".$_POST['username'].",".$_POST['password'].")";

There are many ways to sanitize data and to make them secure before inserting into the database. The way I use and I love is PDO.

In your situation, the good way to put everything into the database would be like

/* You must connect to the DB first. Then, $dbh contains the PDO handle to the database */
$stmt = $dbh->prepare('INSERT INTO users (username, password) VALUES (:username, :password)');
$stmt->bindParam(":username", $_POST['username']); // bound as a parameter, kept out of the SQL text
$stmt->bindParam(":password", $_POST['password']); // bound as a parameter, kept out of the SQL text
$stmt->execute();

This way, you are safely inserting everything into the database.

 
I'm not giving a solution, I was just answering the question... grazie. –  CosLu Dec 3 at 10:07
 
Yes, I saw... but I wanted to be more complete in order to avoid problems... like the user copying/pasting your solution and then making his website insecure! –  Alberto Fontana Dec 3 at 10:09
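
What the answers on this page converge on (validation before the query, then a PDO prepared statement), as an added example that is not part of any answer here. Assumptions: `register_user()` is a hypothetical helper, `$post` stands in for `$_POST`, an in-memory SQLite database replaces the MySQL `register` database so the script runs offline, and hashing with `password_hash()` is an addition the answers do not cover.

```php
<?php
// Added example, not code from the page. SQLite in memory stands in for the
// MySQL "register" database (assumption) so the script runs without a server.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (username TEXT, password TEXT)');

// register_user() is a hypothetical helper; $post plays the role of $_POST.
function register_user(PDO $dbh, array $post): string
{
    // Validation first: each field must be present, a string, and non-empty.
    foreach (['username', 'password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return "rejected: missing or invalid $field";
        }
    }

    // Placeholders keep user input out of the SQL text entirely, so quotes
    // in the input can never change the structure of the statement.
    $stmt = $dbh->prepare('INSERT INTO users (username, password) VALUES (:username, :password)');
    $stmt->bindValue(':username', trim($post['username']));
    // Store a hash of the password, never the submitted value itself.
    $stmt->bindValue(':password', password_hash($post['password'], PASSWORD_DEFAULT));
    $stmt->execute();
    return 'created';
}

// Constructed sample submissions (not real data).
$samples = [
    ['username' => "O'Brien", 'password' => 'correct horse'], // apostrophe in a legitimate name
    ['username' => '   ',     'password' => 'x'],             // empty after trim
    ['username' => ['a'],     'password' => 'x'],             // array sent as username[]=a
    ['username' => 'jay'],                                    // password field missing
];
foreach ($samples as $post) {
    echo register_user($dbh, $post), PHP_EOL;
}

// Read the row back: the apostrophe is stored as data and the password as a hash.
$row = $dbh->query('SELECT username, password FROM users')->fetch(PDO::FETCH_ASSOC);
echo $row['username'], PHP_EOL;
var_dump(password_verify('correct horse', $row['password']));
```

With any of the concatenated `$sql` strings shown on this page, the first sample's apostrophe would end the quoted value early and break the statement; with placeholders it is stored unchanged.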

$sql="INSERT INTO users (username, password) Values($_POST['username']"','"$_POST['password']"')";

 
You should fix the double quotes here. –  CosLu Dec 3 at 10:07
 
Right... I have to fix the quotes prob –  Tushar Sharma Dec 3 at 10:12
 
$sql="INSERT INTO users (username, password) Values('".$_POST['username']."','".$_POST['password']."')"; –  Tushar Sharma Dec 3 at 10:13

You are on the right track. You need to set the method on the form as post

<form action="register.php" name="signup_form" method="post">

and

$sql = " INSERT INTO users (username, password) Values ('".trim($_POST['username'])."','".trim($_POST['password'])."')";

You can use this, but I would suggest using validation before any database-related operation.

 
I just recently got into PHP and I am going to take your advice and look into that, but I'm only 14. I understand that it has to be sanitized and stuff, but this is not my code. This is an 'EXAMPLE'. And can you explain to me why you put .trim in front of it and what is validation @Poonam? –  JayThurman Dec 3 at 10:05
 
Nice to know you started working so early. trim is used to remove extra space before or after the content. As for validation, I mean isset, empty and, if it's an email, then email validation. –  Poonam Dec 3 at 10:08
 
Thanks. And thank you for your help. If I could give you a tick I would. And since I'm a noob here, why is there a -4 by my question? –  JayThurman Dec 3 at 10:11
 
You can give a tick. –  Poonam Dec 3 at 10:11
 
-4 indicates 4 people downvoted your question, since it is very basic for a PHP developer. –  Poonam Dec 3 at 10:12
