0

I am using PHP and a MySQL DB. I want to take the values from the two inputs and insert them into the database when the save button is clicked. When I run the code no errors are shown, but it does not save to the DB. Here is the code. (Note that the id is auto increment and the admin table contains three columns: id, username, password.)

addAdmin.php:

<?php include("connect.php");?>
<div class="col-md-12">
<!-- Add admin -->
<div class="box box-info">
  <div class="box-header with-border">
    <h3 class="box-title">Add admin</h3>
  </div>
  <!-- /.box-header -->
  <!-- form start -->
  <form id="adminForm" class="form-horizontal" action="" method = "get">
    <div class="box-body">

        <div class="form-group">
        <label for="inputName" class="col-sm-2 control-label">User 
  name</label>

        <div class="col-sm-10">
          <input type="text" class="form-control" id="inputName" 
           placeholder="user name" name="username" required >
        </div>
      </div>

      <div class="form-group">
        <label for="inputPassword3" class="col-sm-2 control-label">Password</label>

        <div class="col-sm-10">
          <input type="password" class="form-control" id="inputPassword3" 
  placeholder="Password" name="password" required>
        </div>

      </div>





    </div>
    <!-- /.box-body -->
    <div class="box-footer">
        <input  type = "submit" class="btn btn-info pull-right save" name = 
     "submit" value = "save">
      <?php 
      if(isset($_POST["submit"])) {
          $name = $_GET['username'];
          $password = $_GET['password'];


          $insertNewAdmin = "INSERT INTO `admin` VALUES 
          ('$name','$password')";
          mysql_query($insertNewAdmin);

      }
      ?>
    </div>
    <!-- /.box-footer -->
  </form>
</div>
<!-- /.box -->
</div>
9
  • 3
    You need to stop using mysql_* functions. They have been deprecated for years and don't even exist in current PHP releases. I suggest studying about PHP Data Objects, known as PDO for short, for a more modern approach. Commented May 26, 2017 at 14:44
  • 2
    Little Bobby says your script is at risk for SQL Injection Attacks. Even escaping the string is not safe! Commented May 26, 2017 at 14:45
  • 2
    Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. Commented May 26, 2017 at 14:45
  • 1
    Do you only have 2 columns in your database? If not you'll have to use the longer version of an INSERT statement where you specify the columns. Even though no errors show on your web page there might be errors in the error logs of your web server. Commented May 26, 2017 at 14:47
  • 1
    I see another big issue. OP also set the form method to get and is checking for a POST Commented May 26, 2017 at 14:58

1 Answer

3

Allow me to rewrite your full code for you using the recommended industry standards. First of all, you should never ever use the GET method ($_GET) when sending form data to a database, especially when it contains passwords.

The mysql_* API that you are using has been deprecated since I was doing my second year at college; I have graduated and have 3 years of working experience since it was deprecated ;) and it was completely removed in PHP 7. Therefore you should be using mysqli_* or PDO as of v5.5.0, see: Why shouldn't I use mysql_* functions in PHP?

Another issue is that your code is at risk of SQL injection, as @Jay Blanchard has stated above. You can follow his blog here to learn more about what he's saying: http://jayblanchard.net/demystifying_php_pdo.html

To solve what Jay has highlighted above, we use something called prepared statements, which protect against SQL injection.

Also, these days we do not store passwords in plain text or MD5; we use password_hash() and password_verify() to store the password hash in the database and check the stored password against the password the user entered:

In my code you will see (userNameColumnName,passwordColumnName): userNameColumnName is the column in your table where you will store the username and passwordColumnName is the column in your table where you will store the password. Make sure the char length is at least 60 chars, or better 255.

You can't insert values like this: "INSERT INTO `admin` VALUES ('$name','$password')" unless you have exactly two fields in your table, and as I guess you don't; you should at least have 3.

connect.php

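<?php
// $servername, $username, $password and $dbname must be set to your database settings before this point
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

Then the other page: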

<?php include("connect.php");

$errors = false;

if (isset($_POST['submit'])) {

    // Both fields must be present and non-empty
    $fields = array("username", "password");
    foreach ($fields as $fieldname) {
        if (!isset($_POST[$fieldname]) || $_POST[$fieldname] === '') {
            $errors = true;
        }
    }
    if ($errors) {
        echo "enter username and password";
    }

    if (!$errors) {

        $username = $_POST['username'];
        $password = $_POST['password'];

        // password_hash() requires the algorithm as its second argument
        $hash = password_hash($password, PASSWORD_DEFAULT);

        $sql = "INSERT INTO admin (userNameColumnName,passwordColumnName) VALUES(?,?)";

        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            // prepare() fails if, for example, a column name does not exist
            error_log("error " . $conn->error);
            echo "error adding user";
        } else {
            $stmt->bind_param("ss", $username, $hash);
            if ($stmt->execute()) {
                echo "user added";
            } else {
                echo "error adding user";
                error_log("error " . $stmt->error); // go and check your error log what was the error
            }
        }
    }

}

?>
<div class="col-md-12">
    <!-- Add admin -->
    <div class="box box-info">
        <div class="box-header with-border">
            <h3 class="box-title">Add admin</h3>
        </div>
        <!-- /.box-header -->
        <!-- form start -->
        <form id="adminForm" class="form-horizontal" action="" method = "POST">
            <div class="box-body">
                <div class="form-group">
                    <label for="inputName" class="col-sm-2 control-label">User 
                    name</label>
                    <div class="col-sm-10">
                        <input type="text" class="form-control" id="inputName" 
                            placeholder="user name" name="username" required >
                    </div>
                </div>
                <div class="form-group">
                    <label for="inputPassword3" class="col-sm-2 control-label">Password</label>
                    <div class="col-sm-10">
                        <input type="password" class="form-control" id="inputPassword3" 
                            placeholder="Password" name="password" required>
                    </div>
                </div>
            </div>
            <!-- /.box-body -->
            <div class="box-footer">
                <input  type = "submit" class="btn btn-info pull-right save" name = "submit" value = "save">
            </div>
            <!-- /.box-footer -->
        </form>
    </div>
    <!-- /.box -->
</div>

7 Comments

OP is a beginner. Might not understand this $sql = "INSERT INTO admin (userNameColumnName,passwordColumnName) VALUES(?,?)"; OP might even copy the whole thing and paste. Although your answer is perfect +1
@Akintunde thanks, I'm writing the explanations as we speak
Awesome. Please do
@Akintunde I have updated please see, if it all makes sense
@MasivuyeCokile thank you for the great answer, but maybe I am doing something wrong when using your code; it did not work. The admin table contains three columns (id_admin, user_name, password), and id_admin is auto increment. I use the insert statement like this: $sql = "INSERT INTO admin (user_name,password) VALUES('$username','$password')";
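
The answer names password_verify() for checking a login but only shows the storing side; the following is an added example (not the answerer's code) that does both with prepared statements. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the MySQL admin table, with the column names from the last comment (id_admin, user_name, password); addAdmin and checkAdmin are hypothetical helper names.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL `admin` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (
    id_admin  INTEGER PRIMARY KEY AUTOINCREMENT,
    user_name TEXT NOT NULL UNIQUE,
    password  VARCHAR(255) NOT NULL   -- holds the hash, never the plain text
)');

// Store: name the columns so the auto-increment id is filled in by the database.
function addAdmin(PDO $pdo, string $username, string $password): int
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO admin (user_name, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
    return (int) $pdo->lastInsertId();
}

// Check: fetch the stored hash by user name, then compare with password_verify().
function checkAdmin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id_admin, password FROM admin WHERE user_name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    // Upgrade the stored hash if PASSWORD_DEFAULT has changed since it was created.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE admin SET password = ? WHERE id_admin = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id_admin']]);
    }
    return true;
}

// Constructed sample input.
addAdmin($pdo, 'alice', 'correct horse battery staple');
// A quote in a bound value is stored as data; it cannot alter the statement.
addAdmin($pdo, "Robert'); DROP TABLE admin;--", 'pw2');

var_dump(checkAdmin($pdo, 'alice', 'correct horse battery staple')); // right password
var_dump(checkAdmin($pdo, 'alice', 'wrong'));                        // wrong password
var_dump((int) $pdo->query('SELECT COUNT(*) FROM admin')->fetchColumn()); // rows stored
```

With mysqli the same two statements are prepared with $conn->prepare() and bound with bind_param("ss", ...), as in the answer's code.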