All geek questions in one place

Insert HTML form in MYSQL

Well, this is probably very easy for all of you PHP / MYSQL experts, but I just studied and I ended up at the checkpoint. I made a register form form in HTML and I want to insert user input into an MSQL database using PHP.

Here is my form:

<form action="" method="post">
<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/</p>
<p>Last Name: <br><input type="text" name="user_lastname" size="25" maxlength="25" /></p>
<p>Email Address: <br><input type="email" id="email" name="user_email" size="25" maxlength="40"/><p>
<p>Create a Password: <br><input type="password" name="user_password" size="25" maxlength="40"/></p>
<p><br><input type="submit" value="register"/></p>
</form>

and here is my php code:

$host = "localhost";
$user = "root";
$password = "";
$database = "listings_db";
$tbl_name = "users"

$link = mysqli_connect($host, $user, $password, $database) or die("Error " . mysqli_error($link));

if (isset($_POST['user_firstname'], 
      $_POST['user_lastname'], 
      $_POST['user_email'], 
      $_POST['user_password'], 
      $_POST['user_type'])) 
{
        $firstname = $_POST['user_firstname'];
        $lastname = $_POST['user_lastname'];
        $email = $_POST['user_email'];
        $password = $_POST['user_password'];
        $type = $_POST['user_type'];

$errors = array();

    if(empty($firstname) 
        || empty($lastname) 
        || empty($email) 
        || empty($email) 
        || empty($password) 
        || empty($type)) 
            {$errors [] = '*All fields are required!';}     
else {
    if(filter_var($email, FILTER_VALIDATE_EMAIL) === false) 
            {$errors[] = '*The email address you entered is not valid!' ;}

    if(strlen($firstname) > 25) {$errors[] = '*The email address you entered contains too many characters!';}
    if(strlen($lastname) > 25) {$errors[] = '*The first name you entered contains too many characters!';}
    if(strlen($email) > 40) {$errors[] = '*The last name you entered contains too many characters!';}   
    if(strlen($password) > 40) {$errors[] = '*The password you entered contains too many characters!';} 
    if(strlen($type) != true){$errors[] = '*Please select an account type!';}
    }

    $firstname1 = mysqli_real_escape_string($firstname);
    $lastname1  = mysqli_real_escape_string($lastname);
    $email1 = mysqli_real_escape_string($email);
    $password1 = mysqli_real_escape_string($password);


    $query = mysqli_query($link, "INSERT INTO users (user_id, user_firstname, user_lastname, user_email, user_password) VALUES ('', '$firstname', '$lastname', '$email', '$password')");
}

What happened to my code? Thanks in advance for your help!

+4
source share
3 answers

If you are new to PHP / MySQL, you really should not start by using a procedural style, since it is clunk and really not recommended. If you do OOP (Object Orientated Programming), now it will save you problems in the long run!

Example:

mysqli_connect($host, $user, $password, $database) or die("Error " . mysqli_error($link));

Must become

 $conn = new mysqli($host, $user, $password, $database);
// check connection
if ($conn->connect_error) {
  trigger_error('Database connection failed: '  . $conn->connect_error, E_USER_ERROR);
}

and

    $firstname1 = mysqli_real_escape_string($firstname);

to

    $firstname1 = $conn->real_escape_string($firstname);

PHP (.. ..), OOP, !

, :

1. >

<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/></p>

2. post "user_type",

3 1 , ( 1 , , )

$firstname1 = mysqli_real_escape_string($firstname);
$lastname1  = mysqli_real_escape_string($lastname);
$email1 = mysqli_real_escape_string($email);
$password1 = mysqli_real_escape_string($password);


$firstname_escaped = mysqli_real_escape_string($firstname);
$lastname_escaped  = mysqli_real_escape_string($lastname);
$email_escaped = mysqli_real_escape_string($email);
$password_escaped = mysqli_real_escape_string($password);

4 INSERT, ( ),

$query = mysqli_query($link, "INSERT INTO users (user_id, user_firstname, user_lastname, user_email, user_password) VALUES ('', '$firstname', '$lastname', '$email', '$password')");


$query = mysqli_query($link, "INSERT INTO users (user_firstname, user_lastname, user_email, user_password) VALUES ('$firstname', '$lastname', '$email', '$password')");

5 !!!! , !!!!!

 $password = md5($_POST['user_password']); //added md5 encryption

PHPass, PHP crypt() !

+5
<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/</p>

, >

<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/></p>

$_POST['user_type'] HTML PHP.

('', '$firstname1', '$lastname1', '$email1', '$password1')

0

I suggest you use the HTML5 attributes 'required' and 'pattern', and your PHP code will be much shorter.

<form action="" method="post">
  <p>First Name: <br><input type="text" name="user_firstname" size="25" maxlength="25" pattern="[A-Za-z]{1,25}" required /></p>
  <p>Last Name: <br><input type="text" name="user_lastname" size="25" maxlength="25" pattern="[A-Za-z]{1,25}" required /></p>
  <p>Email Address: <br><input type="email" id="email" name="user_email" size="25" maxlength="40" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$" required /><p>
  <p>Create a Password: <br><input type="password" name="user_password" size="25" maxlength="40" pattern="[A-Za-z0-9]{8,40}" required /></p>
  <p><br><input type="submit" value="register"/></p>
</form>

And a PHP script:

$host     = "localhost";
$user     = "root";
$password = "";
$database = "listings_db";
$tbl_name = "users";

$link = mysqli_connect($host, $user, $password, $database) or die("Error " . mysqli_error($link));

$firstname = mysqli_real_escape_string($_POST['user_firstname']);
$lastname  = mysqli_real_escape_string($_POST['user_lastname']);
$email     = mysqli_real_escape_string($_POST['user_email']);
$password  = mysqli_real_escape_string($_POST['user_password']);

$query = mysqli_query($link, "INSERT INTO $tbl_name (user_firstname, user_lastname, user_email, user_password) VALUES ('$firstname', '$lastname', '$email', '$password')");
0
source

Source: https://habr.com/ru/post/1538112/

More articles:


All Articles