My registration form details are not getting into my phpmyadmin the database

after registering a user their information is not entered into the phpadmin database.
here is my code

<?php
 session_start();
 
// connect to databse
$db = mysqli_connect("localhost", "username","password","user_aunthentication") or die("could not connect");

if (isset($_POST['register_btn'])){
	session_start();
	$username = mysqli_real_escape_string($_POST['username']);
	$email = mysqli_real_escape_string($_POST['email']);
	$password = mysqli_real_escape_string($_POST['password']);
	$password2 = mysqli_real_escape_string($_POST['password2']);
	
	if ($password == $password2){
		//create user
		$password =md5($password);// hash password before storing for security purposes
		$sql = "INSERT INTO users(username,email,password) VALUES('$username','$email,'$password')";
		mysqli_query($db, $sql);
		$_SESSION['message'] = "You are now logged in";
		$_SESSION['username'] = $username;
		header("location: home.php"); //redirect to home page
		
	}else{
		$_SESSION['message'] = "The two passwords do not match";
	}
	}

?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Register, Login and Logout user php my sql</title>
</head>

<body>
<div class="header">
	<h1> Register, Login and Logout user php my sql</h1>
</div>
	
<form method="post" action="register.php">
	<table>
		<tr>
			<td>Username:</td>
			<td><input type="text" name="Username" class="textInput"></td>
		</tr>
		<tr>
			<td>Email:</td>
			<td><input type="email" name="email" class="textInput"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="password" name="password" class="textInput"></td>
		</tr>
		<tr>
			<td>Password again:</td>
			<td><input type="password" name="password2" class="textInput"></td>
		</tr>
		<tr>
			<td></td>
			<td><input type="submit" name="register_btn" class="Register"></td>
		</tr>
	</table>
	
</form>	
	
</div>	
</body>
</html>

Your post needs cleaning up tag-wise, you should obfuscate your password rather than posting it in a public space.

You also shouldnt be trying to session_start twice in the same code path.
Your variables at the start of the real_escape_string lines dont seem to have $'s in front of them.
You should investigate Prepared Statements, and potentially shifting to PDO.
You should not be using md5 as a password hashing algorithm.

That is not the actual password.

I removed the second session start and also used password_hash. Can elaborate variables at start of real_escape_string dont have $ infront of them.? here is my updated php code.

<?php
 session_start();
 
// connect to databse
$db = mysqli_connect("localhost", "XXXX","XXXXX","djboziah_aunthentication") or die("could not connect");

if (isset($_POST['register_btn'])){
	
	$username = mysqli_real_escape_string($_POST['username']);
	$email = mysqli_real_escape_string($_POST['email']);
	$password = mysqli_real_escape_string($_POST['password']);
	$password2 = mysqli_real_escape_string($_POST['password2']);
	
	if ($password == $password2){
		//create user
		$password =password_hash($password);// hash password before storing for security purposes
		$sql = "INSERT INTO users(username,email,password) VALUES('$username','$email,'$password')";
		mysqli_query($db, $sql);
		$_SESSION['message'] = "You are now logged in";
		$_SESSION['username'] = $username;
		header("location: home.php"); //redirect to home page
		
	}else{
		$_SESSION['message'] = "The two passwords do not match";
	}
	}

?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Register, Login and Logout user php my sql</title>
</head>

<body>
<div class="header">
	<h1> Register, Login and Logout user php my sql</h1>
</div>
<?php
	if (isset ($_SESSION['message'])){
		echo "<div id='error_msg'>" .$_SESSION['message']."</div>";
		unset($_SESSION['message']);
	}
?>		
<form method="post" action="register.php">
	<table>
		<tr>
			<td>Username:</td>
			<td><input type="text" name="Username" class="textInput"></td>
		</tr>
		<tr>
			<td>Email:</td>
			<td><input type="email" name="email" class="textInput"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="password" name="password" class="textInput"></td>
		</tr>
		<tr>
			<td>Password again:</td>
			<td><input type="password" name="password2" class="textInput"></td>
		</tr>
		<tr>
			<td></td>
			<td><input type="submit" name="register_btn" class="Register"></td>
		</tr>
	</table>
	
</form>	
	
</div>	
</body>
</html>

adding $ infront of mysqli_real_escape_string led to page cannot be found error after entering details to register a user.

In here:

mysqli_query($db, $sql);

if you look at the return from mysqli_query() you can see whether the query worked, or whether it returned an error. You should really do that before blindly redirecting the user to another page and presuming they’ve registered correctly. What happens if the user has chosen a duplicate username, or if their email address already exists?

If you’ve just changed the way you store passwords, is the database column long enough for a password_hash()? I seem to recall they’re quite a big bigger than MD5 hashes. I think you’re missing a parameter on password_hash(), too.

That’s because adding the dollar-sign turns a function name into a variable name. I think the initial comment from @m_hutley about missing $ signs referred to your first post before it was edited.

As for these

$username = mysqli_real_escape_string($_POST['username']);
$email = mysqli_real_escape_string($_POST['email']);
$password = mysqli_real_escape_string($_POST['password']);
$password2 = mysqli_real_escape_string($_POST['password2']);

have a look at the documentation for that function, you have a parameter missing. Don’t you get error messages? I’m not sure the first one will be found anyway (I’m never 100% sure on case-sensitivity in these places) because of this:

<td><input type="text" name="Username" class="textInput"></td>

I would assume not, which is why the first step of debugging will be:

Insert at the top of your code:

<?php
ini_set('display_errors','1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

I do not get errors, after registration i receive a welcome ‘user’ message, but the user is not created in the Dabatase users table.

You don’t get errors after you added the code that @m_hutley suggested above? If you don’t enable error-reporting, you may not get error messages. You should also add an exit() just before your page redirect - when you redirect to another page, you won’t see any error messages because the new page will clear the browser.

As I said earlier, though, you don’t check to see whether your query executed without errors or not, you just run the query, and go straight on to the home page whether it worked or not. Get the return from mysqli_query() and see what it is.

Everyone thank you soo much for your help. I am new in php and my sql so excuse me when i don’t understand some syntax. I tried to test registration form on local server xampp, i also used different php code from what i provided, Everything works registered user is added to Database login works, logout works. Now I just need to deploy it to my website. I dont know how to deploy that to my website.Any help will be appreciated.

there is error log file created in my hostgator server…here is the log
[08-Jun-2020 16:23:51 America/Chicago] PHP Warning: mysqli_connect(): (HY000/2005): Unknown MySQL server host ‘djboziah_josiah’ (0) in /home4/djboziah/public_html/registration/server.php on line 11
[08-Jun-2020 16:23:51 America/Chicago] PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given in /home4/djboziah/public_html/registration/server.php on line 16
[08-Jun-2020 16:23:51 America/Chicago] PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given in /home4/djboziah/public_html/registration/server.php on line 17
[08-Jun-2020 16:23:51 America/Chicago] PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given in /home4/djboziah/public_html/registration/server.php on line 18
[08-Jun-2020 16:23:51 America/Chicago] PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given in /home4/djboziah/public_html/registration/server.php on line 19

sorry warnings not errors.

[08-Jun-2020 16:12:11 America/Chicago] PHP Warning: mysqli_connect(): (HY000/2005): Unknown MySQL server host ‘djboziah_josiah’ (0) in /home4/djboziah/public_html/registration/server.php on line 11

I suspect that the first of those is causing the rest. Because you cannot open the database connection successfully, that function returns false. You then pass than into each of the other functions, hence the message “expects database link, given a Boolean”.

You need to check the details you are providing in the connect function - the server address, username and password, database name, and whether that username and password has permission to connect to the database. I don’t use mysqli myself, I prefer PDO, so I can’t say why the inability to connect doesn’t trigger your die function.

Tricky to offer any ideas on code that isn’t posted.

what would be the exact syntax to use for PDO, is the server address necessary since the code is executing on the actual host server which is local. here is the code `<?php
session_start();

// variable declaration
$username = "";
$email    = "";
$errors = array(); 
$_SESSION['success'] = "";

// connect to database
$db = mysqli_connect('localhost', 'xxxxx', 'xxxxxx', 'djboziah_registration');

// REGISTER USER
if (isset($_POST['reg_user'])) {
	// receive all input values from the form
	$username = mysqli_real_escape_string($db, $_POST['username']);
	$email = mysqli_real_escape_string($db, $_POST['email']);
	$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
	$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

	// form validation: ensure that the form is correctly filled
	if (empty($username)) { array_push($errors, "Username is required"); }
	if (empty($email)) { array_push($errors, "Email is required"); }
	if (empty($password_1)) { array_push($errors, "Password is required"); }

	if ($password_1 != $password_2) {
		array_push($errors, "The two passwords do not match");
	}

	// register user if there are no errors in the form
	if (count($errors) == 0) {
		$password = md5($password_1);//encrypt the password before saving in the database
		$query = "INSERT INTO users (username, email, password) 
				  VALUES('$username', '$email', '$password')";
		mysqli_query($db, $query);

		$_SESSION['username'] = $username;
		$_SESSION['success'] = "You are now logged in";
		header('location:index.php');
	}

}

// ... 

// LOGIN USER
if (isset($_POST['login_user'])) {
	$username = mysqli_real_escape_string($db, $_POST['username']);
	$password = mysqli_real_escape_string($db, $_POST['password']);

	if (empty($username)) {
		array_push($errors, "Username is required");
	}
	if (empty($password)) {
		array_push($errors, "Password is required");
	}

	if (count($errors) == 0) {
		$password = md5($password);
		$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
		$results = mysqli_query($db, $query);

		if (mysqli_num_rows($results) == 1) {
			$_SESSION['username'] = $username;
			$_SESSION['success'] = "You are now logged in";
			header('location:index.php');
		}else {
			array_push($errors, "Wrong username/password combination");
		}
	}
}

?>`

is this the exaxt syntax for PDO
$db = PDO_connect(‘localhost’, ‘xxxxxx’, ‘xxxx’, ‘djboziah_registration’);

I’ve never connected to PDO that way, where did you get that syntax from? Some description of how to connect to PDO is here: https://phptherightway.com/#pdo_extension

as well as having all the functions described at php.net

Note also that you’ll have to change the other functions that interact with your database if you switch to PDO.

You seem to have reverted to using md5() to hash your passwords, rather than using password_hash() and password_verify().

Thank you.

No. That is a user defined function call. Read the free manual for the answer.
https://www.php.net/manual/en/pdo.connections.php

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.