Database insertion

PHP
1

Hello,
I am using below script to take data from form and input it into database… But i am getting an error in it.
Webpage says,

Undefined index: fname in C:\wamp\www\learn\index.php on line 8
( ! ) Notice: Undefined index: uname in C:\wamp\www\learn\index.php on line 8
( ! ) Notice: Undefined index: email in C:\wamp\www\learn\index.php on line 8
( ! ) Notice: Undefined index: pass1 in C:\wamp\www\learn\index.php on line 8

can some one tell me my error please.

<?php 
$connect = mysqli_connect("localhost","root","myusername","mypassword");
if(mysqli_connect_errno())
 {echo " No Chance to go"; }
 else { echo "Ön the Rock";}
 
 $sql = "INSERT INTO user(fullname,username,email,password}
         VALUES('$_POST[fname]','$_POST[uname]','$_POST[email]','$_POST[pass1]')";
?>

color: #CF0;
}
#userbox {
    font-family: Georgia, "Times New Roman", Times, serif;
    height: auto;
    width: auto;
    margin-top: 150px;
    margin-right: auto;
    margin-bottom: auto;
    margin-left: auto;
    border: 1px double #000;
    text-align: center;
    font-size: 18px;
    color: #066;
}

</style>
</head>

<body>
<div id="welcome">Welcome to Jungle Book</div>
<div id="userbox">
      <h2>Sign Up Here</h2>
      <form id="registration" >
      <div>Full Name:</div>
      <input type="text" id="fname" placeholder="Your Full Name" required="required"/>
      <div>User Name:</div>
      <input type="text" id="uname" placeholder="Without special characters" required="required" />
      <div>Email:</div>
      <input type="email" id="email" placeholder="Valid Email Id" required="required" />
      <div>Password:</div>
      <input type="password" id="pass1" placeholder="Select a stong Password" required="required" />
      <div>Confirm Password:</div>
      <input type="password" id="pass2" placeholder="Same as above" required="required" /><br />
      <input type="submit" value="Register"  />
      </form>

  
    
    
</div>
</body>
</html>
2

You are missing the “name” attribute in your form inputs.

<form id="registration" >
      <div>Full Name:</div>
      <input type="text" name="fname" id="fname" placeholder="Your Full Name" required="required"/>
      <div>User Name:</div>
      <input type="text" name="uname" id="uname" placeholder="Without special characters" required="required" />
      <div>Email:</div>
      <input type="email" name="email" id="email" placeholder="Valid Email Id" required="required" />
      <div>Password:</div>
      <input type="password" name="pass1" id="pass1" placeholder="Select a stong Password" required="required" />
      <div>Confirm Password:</div>
      <input type="password" name="pass2" id="pass2" placeholder="Same as above" required="required" /><br />
      <input type="submit" name="submit" value="Register"  />
</form>

You should also wrap the processing in an IF condition so it only is run when condition is met.

<?php
if(isset($_POST['submit'])):
	$sql = "INSERT INTO user(fullname,username,email,password}
         VALUES('{$_POST['fname']}','{$_POST['uname']}','{$_POST['email']}','{$_POST['pass1']}')";
	//Do query	
		
endif;
?>
3

What is sent from an input field is it’s NAME attribute along with the VALUE. for example:

<form method="POST">
<input name="username" type="text">
<br>
<input type="submit" value="submit">
</form>

So, if you post this form, the username will be available with $_POST[‘username’]; . The attributes “id” aren’t posted to the PHP code, only the “name” attributes.

If you write an index that doesn’t exists, like $_POST[‘whatever’];, you’ll get a similar warning. Like Notice: Undefined index: whatever in

Now, in your HTML form, you use <form> without any method. The default method will be a GET, so you’ll never POST your fields. You should also add a method=“POST” like this:

<form method="POST">

to your form.

The GET method uses the URL and you shouldn’t use it in this case.

4

Not to mention storing plain text passwords and posting directly to query without doing any validation.

5

I have changed the code as per the suggestions… No error is coming but nothing is entered in the database too.

updated whole code:

<?php 
if(isset($_POST['submit'])):

   $connect = mysqli_connect("localhost","root","sultan","learn");
if(mysqli_connect_errno())
 {echo " No Chance to go"; }
 else { echo "Ön the Rock";}
 
 $fname=$_POST['fname'];
 $uname=$_POST['email'];
 $email=$_POST['email'];
 $pass1=$_POST['pass1'];
 
 $sql = "INSERT INTO user(fullname,username,email,password}
         VALUES('$fname','$uname','$email','$pass1')";
    
endif; 
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#welcome {
    font-family: "Brush Script MT";
    text-align: center;
    height: auto;
    width: 100%;
    font-size: 40px;
    font-weight: bold;
    color: #CF0;
}
#userbox {
    font-family: Georgia, "Times New Roman", Times, serif;
    height: auto;
    width: auto;
    margin-top: 150px;
    margin-right: auto;
    margin-bottom: auto;
    margin-left: auto;
    border: 1px double #000;
    text-align: center;
    font-size: 18px;
    color: #066;
}

</style>
</head>

<body>
<div id="welcome">Welcome to Jungle Book</div>
<div id="userbox">
      <h2>Sign Up Here</h2>
      <form id="registration" method="post" >
      <div>Full Name:</div>
      <input type="text" name="fname" placeholder="Your Full Name" required="required"/>
      <div>User Name:</div>
      <input type="text" nme="uname" placeholder="Without special characters" required="required" />
      <div>Email:</div>
      <input type="email" name="email" placeholder="Valid Email Id" required="required" />
      <div>Password:</div>
      <input type="password" name="pass1" placeholder="Select a stong Password" required="required" />
      <div>Confirm Password:</div>
      <input type="password" name="pass2" placeholder="Same as above" required="required" /><br />
      <input type="submit" id="register" value="submit"  />
      </form>

  
    
    
</div>
</body>
</html>
6

You are not executing the query. It would be a good idea to bind those variables as well.
I rarely work with mysqli (I use PDO) but I believe you define variables after binding something like this.

<?php
$sql = "INSERT INTO user(fullname,username,email,password)
         VALUES(?,?,?,?)";
$stmt = $connect->prepare($sql);
$stmt->bind_param('ssss', $fname,$uname,$email,$pass1 );

$fname=$_POST['fname'];
$uname=$_POST['email'];
$email=$_POST['email'];
$pass1=$_POST['pass1'];
$stmt->execute();
?>
7

And there’s a typo:


<input type="text" nme="uname" placeholder="Without special characters" required="required" />

should read name=“uname”.

8

Got success and understood my mistake too… Thanks all for your suggestions.

9

You are still not validating before inserting in the database.
You should NEVER use the above statements without testing that the $_POST value is valid before copying it - otherwise you are just copying potentially invalid or dangerous data.