I am attempting to make a login using phpmyadmin, but, when I click submit, it inserts blank entries into the database

Question

My class is attempting to make our own game.. But, we can't get the submit page to send to the database in PhpMyAdmin. When you click submit, it sends blank entries to the database, like if you hadn't filled in any of the blanks. Can someone help with this problem. Thanks!!

My index.php page.

<html>

  <head>

    <meta charset="UTF-8">

    <title> Register New Account </title>

    <link rel="stylesheet" type="text/css" href="td.css">

  </head>



  <body>

  <?php
 /* $count=$count+1;
  echo " count " . $count; */


    if($_POST['submit_id'] == 1)
      {

     /* echo "testing"; */

    if($_POST['Username'] == NULL)
      { 
        $message = 'Please enter your Username.';
      }

    if($_POST['Email'] == NULL)
      { 
        $message = 'Please enter your Email.';
      }

    if($_POST['Confirm'] == NULL)
      { 
        $message = 'Please re-enter your Email.';
      }

    if($_POST['Password'] == NULL)
      { 
        $message = 'Please enter your Password.';
      }

    if($_POST['Email'] != $_POST['Confirm'])
      { 
        $message = 'Your emails did not match, Please enter your emails again.';
      }

  }
    if( $message == NULL )
      {
          // if there is no error, test to see if there is already an account by the player_name

          $MySQLlink = new mysqli("localhost", "root", "******", "Tower_Defense");

          // check connection - take out later

          if ( !$MySQLlink )
            {
              printf( "Could not connect to MySQL server : %s", mysqli_connect_error() );
              exit();
            }
          else
            {
              printf( "Connected to the MySQL server" );
              echo "<br>";
           } 

          $result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE  ( email = 'email' ) " );

          if($row = mysqli_fetch_array($result))
              {
                $message = "There is an account with that email address already. Please choose another email account";
              }

          mysqli_free_result($result); 

          $result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE  ( Username = '$Username' ) " );

          if( $row = mysqli_fetch_array($result) && $message == NULL )
              {
                $message = "There is an account by that player name already. Please choose another Login name";
                mysqli_free_result($result);
              }

          else
              {
              //echo "next date <br>";
                  // create account 
                  $Username        = ($_POST['Username']);
                  $Password        = ($_POST['Password']);
                  $Email           = ($_POST['Email']);
                  $email           = ($_POST['email']);
             //echo "Next one<br>";


                  $TableList = "  `Username`, `Password`, `Email`, `Confirm`   ";

                  $Values    = "  '$Username', '$Password', '$Email', '$Confirm'   ";


    if($message != NULL)
      { 

        echo "$message";
      } 

    ?>

  <div id="container" >

        <div id="header">

            <h1 id="h1">Besco's Biscuits</h1>

            <a href= "http://192.168.131.**/towerdefence/about/index.html" id="a1">About</a>

            <a href="http://192.168.131.**/towerdefence/instruction/index.html" id="a2">Instructions</a>

            <a href="http://192.168.131.**/towerdefence/create/index.html" id="a3"> The Creation Of The Game</a>

            <a href="http://192.168.131.**/towerdefence/cu/index.html" id="a4">Contact Us</a>

        </div>




  <br /> <br /> <br />
    <table align = "center">
      <tr>
    <td>

      Welcome to <b> Besco's Biscuits </b>. Please fill out the following <br />
      areas and we will begin your adventure soon. :)

      </td>
    </tr>
    </table>
    <br /> <br /> <br /> <br /> <br />


    <table align = "center">
      <tr>
    <td> 
       <form action = "<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"> <br />
        Username: <input type="text" name="Username" id= "Username"> <br />
        Email: <input type = "text" name = "Email" id= "Email"> <br />
        Confirm: <input type = "text" name = "Confirm" id= "Confirm"> <br />
        Password: <input type = "password" name = "Password" id = "Password"> <br />
        <input type = "submit" value = "Register" id="submit_id" value = "1"> &nbsp; &nbsp; 
        <input type = "reset" name="Reset" value="Check if Available!" class = "account">


      </form>
    </td>
      </tr>
    </table>




  </body>

</html>

My insert.php page

<html>

  <body>


    <?php
    $Username = $_POST['name'];
      $con=mysqli_connect("localhost", "root", "******", "Tower_Defense");

      //Check Connection

      if (mysqli_connect_errno())
    {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

      $sql="INSERT INTO Users (Username, Email, Confirm, Password)
      VALUES
      ('$_POST[Username]','$_POST[Email]',' $_POST[Confirm]',' $_POST[Password]')";

      if (!mysqli_query($con,$sql))
    {
      die ('Error: ' . mysqli_error($con));
    }
      else 
    {
      echo "1 record added"; 
      echo $_POST[Username];
      //echo "Where is Username?";
      echo $_POST[Email];
      //echo "Where is Email?";
      echo $_POST[Confirm];
      //echo "Where is Confirm";
      echo $_POST[Password];
      //echo "Where is Password";
    }




      mysqli_close($con);
      ?>

  </body>

UPDATE:

I added in the changes that someone had suggested in moving the checks to insert.php and now the email and confirm email check does not work. Can anyone help?

index.php

<html>

  <body>



  <div id="container" >

        <div id="header">

            <h1 id="h1">Besco's Biscuits</h1>

            <a href= "http://192.168.131.34/towerdefence/about/index.html" id="a1">About</a>

            <a href="http://192.168.131.34/towerdefence/instruction/index.html" id="a2">Instructions</a>

            <a href="http://192.168.131.34/towerdefence/create/index.html" id="a3"> The Creation Of The Game</a>

            <a href="http://192.168.131.34/towerdefence/cu/index.html" id="a4">Contact Us</a>

        </div>




  <br /> <br /> <br />
    <table align = "center">
      <tr>
    <td>

      Welcome to <b> Besco's Biscuits </b>. Please fill out the following <br />
      areas and we will begin your adventure soon. :)

      </td>
    </tr>
    </table>
    <br /> <br /> <br /> <br /> <br />


    <table align = "center">
      <tr>
    <td> 
       <form action = "insert.php" method = "post"> <br />
        Username: <input type="text" name="Username" id= "Username" required = "1"> <br />
        Email: <input type = "text" name = "Email" id= "Email" required = "1"> <br />
        Confirm: <input type = "text" name = "Confirm" id= "Confirm" required = "1"> <br />
        Password: <input type = "password" name = "Password" id = "Password" required = "1"> <br />
        <input type = "submit" value = "Register" id="submit_id" value = "1"> &nbsp; &nbsp; 
        <input type = "reset" name="Reset" value="Reset Page" class = "account">


      </form>
    </td>
      </tr>
    </table>




  </body>

</html>

insert.php

<html>

  <body>


    <?php

   if($_POST['submit_id'] == 1)
      {

     echo "testing"; 

    if($_POST['Email'] != $_POST['Confirm'])
      { 
        $message = 'Your emails did not match, Please enter your emails again.';
      }

      }
    if( $message == NULL )
      {
          // if there is no error, test to see if there is already an account by the player_name

          $MySQLlink = new mysqli("localhost", "root", "abc123", "tower_defense");

          // check connection - take out later

          if ( !$MySQLlink )
            {
              printf( "Could not connect to MySQL server : %s", mysqli_connect_error() );
              exit();
            }
          else
            {
              printf( "Connected to the MySQL server" );
              echo "<br>";
           } 

          $result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE  ( email = 'email' ) " );

          if($row = mysqli_fetch_array($result))
              {
                $message = "There is an account with that email address already. Please choose another email account";
              }

          mysqli_free_result($result); 

          $result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE  ( Username = '$Username' ) " );

          if( $row = mysqli_fetch_array($result) && $message == NULL )
              {
                $message = "There is an account by that player name already. Please choose another Login name";
                mysqli_free_result($result);
              }

          else
              {
              //echo "next date <br>";
                  // create account 
                  $Username        = ($_POST['Username']);
                  $Password        = ($_POST['Password']);
                  $Email           = ($_POST['Email']);
                  $email           = ($_POST['email']);
             //echo "Next one<br>";

                   }
    }


    if($message != NULL)
      { 

        echo "$message";
      } 



      $con=mysqli_connect("localhost", "root", "abc123", "tower_defense");

      //Check Connection

      if (mysqli_connect_errno())
    {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

      $sql="INSERT INTO Users (Username, Email, Confirm, Password)
      VALUES
      ('$_POST[Username]','$_POST[Email]',' $_POST[Confirm]',' $_POST[Password]')";

      if (!mysqli_query($con,$sql))
    {
      die ('Error: ' . mysqli_error($con));
    }
      else 
    {
      echo "1 record added"; 
      echo $_POST[Username];
      //echo "Where is Username?";
      echo $_POST[Email];
      //echo "Where is Email?";
      echo $_POST[Confirm];
      //echo "Where is Confirm";
      echo $_POST[Password];
      //echo "Where is Password";
    }




      mysqli_close($con);
      ?>

  </body>

</html>

Yes, we've used it before. It just seems to have messed up when I added in the checks for Username and Email/Confirm Email. Now, it doesn't show the entries in the database. — Sirforgotten, Mar 25 '14 at 17:54

score 0 · Answer 1 · edited May 23 '17 at 10:26

I see two main problems here -

First, the action of your form points to itself. That means that the $_POST array submits to index.php, and your insert.php page has no access to that information. Index.php runs through the validation checks, and if everything checks out, it assigns the $_POST values to variables and quits. That's where the data dies. There is no method for getting the information over to the file insert.php. So if you manually open the file insert.php in a browser, the $_POST array will be empty, and it will simply insert blanks.

There are several ways to resolve this. The simplest, most expeditious way would be the single page solution - move the insert.php code into the index.php file inside that last else block.

else {
    //echo "next date <br>";
    // create account 
    $Username = $_POST['name'];

    //etc.. code to insert data from insert.php

Another solution would be to move all the validation code to insert.php, display any form errors on that page, and make the user go back a page if validation fails. In that case, you would change the action of the form to insert.php:

<form action="insert.php" method="post">

This approach is less user-friendly, and not an ideal solution. Really a better practice is to use Javascript for form validation and PHP for form processing. That may be outside the scope of your class...

Second, this code is wide open to SQL injection. Instead of putting variables directly into your SQL statements, you need to use parameterized queries. Take a look at this SO question about how to parameterize queries with mysqli.

score 0 · Answer 2 · answered Mar 25 '14 at 19:09

The mistakes that I found:

First things first your code submits the values received from the form to index.php itself so there is no question of values getting insert at the first place because the insert query is not run.
In index.php check the query to SELECT email and username. The variables do not have any value when the query is run because the values get transferred couple of lines AFTER the queries (at the lines where you have $email = $_POST['Email']). Moreover you have missed the $ sign in the query related to email.
Coming to insert.php you have missed quotes in the global variable $_POST[] in the insert query viz. $_POST['email'].

Check for these errors and let me know if it works.

I am attempting to make a login using phpmyadmin, but, when I click submit, it inserts blank entries into the database

2 Answers2