Not produced in the database

pinkod02 · May 23, 2023, 8:26pm

Why are the values not being added to the database?
index.php

<?

include "bd/bd.php";
$query=$bd->query("INSERT INTO bazadanuh VALUES('$_GET[name]','$_GET[login]','$_GET[password]')");
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="/css/styles.css">
    <title>wormTest</title>
</head>
<body>
    <header>
        <div class="conteiner">
            <form action="" method="get" >
                <input type="text" id="name" name="name" placeholder="Name">
                <input type="text" id="login" name="login" placeholder="Login">
                <input type="password" id="password" name="password" placeholder="Password">
                <input type="password" id="password2" name="password2" placeholder="Password2">
                <input type="submit" id="button" name="button" value="Отправить" >
            </form>
        </div>
    </header>
</body>
</html>

bd.php

<?php
$bd = mysqli_connect('localhost', 'root', '', 'formTest',);
?>

There are database connections.

mabismad · May 23, 2023, 10:06pm

What result or output do you get on the page when you submit the form? It is highly likely that the use of the short opening php tag <? is not enabled and the php code isn’t being executed. If you do a ‘view source’ of the page in your browser you will see the raw php code.

Do you have php’s error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your system so that php will help you by reporting and displaying all the errors it detects?

You should be using a post method form, since you are performing an action on the page, e.g. inserting data in a database table.

You should use ‘require’ for things your php code must have for it to work.

In html5, an empty action=‘’ attribute is not valid. To cause a form to submit to the same page it is on, leave out the entire action attributed.

The post method form processing code should -

Detect if a post method form was submitted.
Trim (mainly so that you can detect if all white-space characters were entered), then validate all inputs before using them, storing user/validation errors in an array using the field name as the main array index.
After the end of the validation logic, of there are no errors (the array holding the user/validation errors is empty), use the submitted data.
You should be using a prepared query to prevent any sql special characters in a value from being able to break the sql query syntax, which is how sql injection is accomplished.
You should always list out the columns for an insert query. This helps make your code self-documenting and insures that if the order of the columns in the table is altered, that the query will continue to work correctly.
You should NOT store plain-text passwords. Use php’s password_hash() and password_verify().
Your database design must enforce uniqueness (it is the last step in the process.) Any column(s) that must be unique, must be defined as a unique index. You would than test in the error handling for this insert query if a duplicate index error (number) occurred. If the error number is for a duplicate index error, you would setup a message (add it to the array of user/validation errors) letting the user know what was wrong with the data that they submitted.

Gandalf · May 24, 2023, 6:53am

You’re attempting to store data in your database even before you have any data.

That, though, is only one of your problems. Where did you get this code from?

pinkod02 · May 24, 2023, 8:13pm

I wrote it myself, as I see the logic, I just can’t write it, the code doesn’t work

pinkod02 · May 24, 2023, 8:16pm

Warning : Undefined array key “name” in C:\OpenServer\domains\formaTest\index.php on line 4
here is the error

mabismad · May 24, 2023, 8:30pm

Because you don’t have any conditional logic to detect if the form has been submitted (see item #1 in the list I posted), it runs when the page is first requested, when there is no form data.

pinkod02 · May 24, 2023, 8:34pm

I understand the logic, since I wrote the code, I had to send data to the server, but this is not there, now I want to understand why this does not happen, I do not know another form of recording.

mabismad · May 24, 2023, 8:42pm

If you have made functional changes to the code, you need to post it so that we can see the current version.

pinkod02 · May 24, 2023, 8:48pm

Thanks, at the moment I figured out how to add values to the database with the form.

pinkod02 · May 25, 2023, 6:35pm

I want to remove spaces but it doesn’t work

$query=$bd->query("INSERT INTO bazadanuh (name, login, password) VALUES('$_POST[name]','$_POST[login]','$_POST[password]')");
if(isset($_POST['button'])==true){
if($_POST['login']){
$login = $_POST['login'];
$tr=trim($login);

}

}

Also warnings are displayed how to remove it?
Warning: Undefined array key “name” in C:\OpenServer\domains\formaTest\index.php on line 4

Gandalf · May 25, 2023, 6:57pm

should be
$_POST["name"]

but then you should be using prepared statements and you should not be storing passwords as plain text.

pinkod02 · May 25, 2023, 7:11pm

Is this entry needed to remove the spaces in $_POST[“name”]? since with my entry the values \u200b\u200bget into the database, now I want to figure out how to remove the spaces.

Gandalf · May 26, 2023, 6:26am

It’s needed to stop you getting the error!!!

droopsnoot · May 26, 2023, 7:14am

If the problem was the missing quotes around name, wouldn’t PHP produce an “undefined constant” error? OP, which of those lines of code is line 4?

Gandalf · May 26, 2023, 7:17am

Actually, that won’t work as you’re already using double quotes. I suggest you correct your query using prepared statements.

Edit: And what’s the point of trimming the input after you have put it into your database???

mabismad · May 26, 2023, 9:20am

I’ll post my answer in the form of a question (Jeopardy theme can be heard in the background.) Why have you put the conditional logic that detects if the submit button isset() (which is not what was suggested to use) AFTER the point where you have referenced elements of the $_POST data, where those unconditional references will produce undefined index errors when the page is first requested? Wouldn’t you need to put all the code that references the $_POST data INSIDE the conditional branch that has detected if a post method form has been submitted?

You were also told in the 1st reply in the thread that you need to use a prepared query, and why to do so (item #4 in the list I posted) and to not store plain-text passwords, and what to use instead (item #6 in the list I posted.)

mabismad · May 26, 2023, 9:37am

There are two ways of putting an associative index array element inside a double-quoted string -

Leave the quotes off of the associative index name (what the OP is doing.)
Put {} around the variable reference, e.g. {$_POST["name"]} or {$_POST['name']} (both work.)

And here’s a fun fact - when you put a php variable - scalar, array element, object->method() (yes you can put an object method/function reference inside of a string), or object->property inside a double-quoted string, when php parses that string it produces the EXACT same tokenized byte-code as if you had used concatenation to build the string.

system · August 25, 2023, 4:37pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.