PHP-Form validation and insertion using MySql -
i'm using code validate my html form , need add form data table in mysql. how proceed know basics of creating connection , sql databases since i've used form's submit button don't know how data place can insert again
<?php // define variables , initialize empty values $nameerr = $passerr = $emailerr =$cpasserr=""; $name = $pass = $cpass = $email = ""; if ($_server["request_method"] == "post") { if (empty($_post["username"])) { $nameerr = "enter username"; } else { $name = $_post["username"]; } if (empty($_post["password"])) { $passerr = "enter password"; } else { $pass = $_post["password"]; } if (empty($_post["cpassword"])) { $cpasserr = "retype password"; } else { $cpass= $_post["cpassword"]; } if (empty($_post["email"])) { $emailerr = "enter email"; } else { $email = $_post["email"]; } } ?> <html> <head> <style> .error { color: #ff0000; } </style> </head> <body> <form method="post" action="<?php echo htmlspecialchars($_server["php_self"]);?>"> <table border="0" cellspacing="20"> <tbody> <tr> <td>username:</td> <td><input type="text" name="username" accept="" value="<?php echo htmlspecialchars($name);?>"> <span class="error"><?php echo $nameerr;?></span> </td> </tr> <tr> <td>password:</td> <td><input type="text" name="password" accept="" value="<?php echo htmlspecialchars($pass);?>"> <span class="error"><?php echo $passerr;?></span></td> </tr> <tr> <td>confirm password:</td> <td><input type="text" name="cpassword" accept=""value="<?php echo htmlspecialchars($cpass);?>"> <span class="error"><?php echo $cpasserr;?></span></td> </tr> <tr> <td>email:</td> <td><input type="text" name="email" accept="" value="<?php echo htmlspecialchars($email);?>"> <span class="error"><?php echo $emailerr;?></span></td></td> </tr> </tbody> </table> <input type="submit" name="submit" value="submit"> </form> </body> </html> code connection
<?php $host="localhost"; $username="root"; $password="root"; $db_name="lsdb"; $con=mysqli_connect("$host","$username","$password","$db_name"); // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); } var_dump($_post); $u=$_post['username']; $p=$_post['password']; $e=$_post['email']; $ph=$_post['phone']; $sql="insert register (username,password,email,phone) values ('$u','$p','$e','$ph')"; if (!mysqli_query($con,$sql)) { die('error: ' . mysqli_error($con)); } mysqli_close($con); ?>
first off suggest escaping inputs.
also worth noting use prepared statements , object oriented way of mysqli of documents on oo clearer procedural way.
like :
<?php $u=striptags($_post['username']); $p=striptags($_post['password']); $e=filter_var($_post['email'], filter_sanitize_email); $ph=(int)$_post['phone']; $mysqli = new mysqli($host,$username,$password,$db_name); $query = "insert register (username,password,email,phone) values (?,?,?,?)"; $stmt = $mysqli->prepare($query); $stmt->bind_param("sssi", $u, $p, $e, $ph); $stmt->execute(); $mysqli->close(); ?> it not hurt using hash on password :
<?php $salt = mcrypt_create_iv(16, mcrypt_dev_urandom); $passh = crypt($pass, '$6$'.$salt); ?> do note need store salt in mysql can compare later
so these passwords safer , if database gets stolen passwords remain hashed.
Comments
Post a Comment