Connecting MySql with PHP

Forge_Face_The_Great · September 30, 2022, 9:18pm

I am having issues connecting php to mysql. I don’t really know what I am doing in the first place but I need to make a signup page that will send the user’s data to my database but I can’t seem to get it working.
Here is connection.php. I removed my credentials.

<?php
    $dbhost = "sql201.epizy.com";
    $dbuser = "";
    $dbpass = "";
    $dbname = "";

    if (!$con = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname))
    {
        die ("Failed to connect to database!");
    }
?>

Here is my signup.php

<?php
    session_start();

        include("connection.php");
        include("functions.php");

        if ($_SERVER['REQUEST_METHOD'] == "POST")
        {
            $first_name = $_POST['first_name'];
            $last_name = $_POST['last_name'];
            $email = $_POST['email'];
            $phone = $_POST['phone'];
            $address = $_POST['address'];
            $city = $_POST['city'];
            $zip = $_POST['zip'];
            $password = $_POST['password'];

            if (!empty($first_name) && !empty($last_name) && !empty($email) && !empty($address) && !empty($city) && !empty($state) && !empty($zip) && !empty($password))
            {
                $user_id = random_num(20);
                $query = "insert into users (user_id, first_name, last_name, email, phone, address, city, state, zip, password) values ('$user_id', '$first_name', '$last_name', '$email', '$phone', '$address', '$city', '$state', '$zip', '$password')";
            
                mysqli_query($con, $query);

                // After user signs up they get sent to login page
                // Log in is not automatic on signup.
                header("Location: login.php");
                die;
            }
            else
            {
                echo "Please enter valid information!";
            }
        }
?>

<!DOCTYPE html>
<html>
   <head>
      <meta name='viewport' content='width=device-width, initial-scale=1'>
      <link rel='stylesheet' href='http://raeridinglessons.infinityfreeapp.com/login.css'>
      <title>Rae Riding Lessons | Signup</title>
   </head>

   <body>
      <div id="box">
         <form action="post">
            <div style="font-size: 20px; margin: 10px">Signup</div>
            
            First Name<input id="text" type="text" name="first_name"><br><br>
            Last Name<input id="text" type="text" name="last_name"><br><br>
            Email<input id="text" type="text" name="email"><br><br>
            Phone<input id="text" type="text" name="phone"><br><br>
            Street Address<input id="text" type="text" name="address"><br><br>
            City<input id="text" type="text" name="city"><br><br>
            State<input id="text" type="text" name="state"><br><br>
            Zip<input id="text" type="text" name="zip"><br><br>
            Password<input id="text" type="text" name="password"><br><br>

            <input id="button" type="submit" value="Signup"><br><br>

            <a href="login.php">Already have an Acount?</a><br><br>
         </form>
      </div>
   </body>
</html>

Again I don’t really know how to do any of this so I have been following YouTube videos to set things up. And according to the video when I press the “Sign up” button it should submit the users data to the database and then got to the login.php page but it just takes me to a infinityfree 404 page and the data doesn’t get inserted into the database.

Any help is appreciated. Just let me know if you need more information.

Thank you!

YT_Xaos · September 30, 2022, 9:22pm

Well, it would be more helpful if you provided a domain, to begin with.

404 Not Found is self-explanatory, the server could not find the file you requested. Are you sure you uploaded it in the right place?

Greenreader9 · September 30, 2022, 9:27pm

You never define user_id
This is a very good example of SQL injection. This can be hacked super easily.
NEVER store plain-text passwords

Basically, DO NOT store important or private information with this.

YT_Xaos · September 30, 2022, 9:32pm

Elaborating further on what Greenreader9 said:

Store passwords using hash and if you want to add more security, add salt.

Hashing is a one-way process that converts a password to ciphertext using hash algorithms.

In PHP you can use password_hash(string $password, PASSWORD_DEfAULT).

Oxy · September 30, 2022, 9:42pm

Login button redirects to 404 page
as well as signup.php

somewhere in your code this post is inserted as a URL

http://raeridinglessons.infinityfreeapp.com/post? (+ any information is entered)

which leads me to the conclusion that it is not a problem in the DB (at least for now)
but your code does not process the input adequately at all

I added some part (marked)

Forge_Face_The_Great · September 30, 2022, 11:03pm

Thank you but the Login page isn’t even set up so I know that is broke. I need to know about the signup page as stated above.
Thank you!

Forge_Face_The_Great · September 30, 2022, 11:06pm

Check Line 20.
2 and 3. This is just a school project and won’t be used for anything other than getting a grade. I would be great to add security but that is not the focus right now.

Forge_Face_The_Great · September 30, 2022, 11:08pm

http://raeridinglessons.infinityfreeapp.com/signup.php

here is the signup page which leads to the 404 page. However the 404 page is not helpful

Greenreader9 · September 30, 2022, 11:47pm

Sorry, must have missed that. Using random_num() is a bad idea. Use the PRIMARY KEY feature of MySQL instead.

Good to know. I am not a professor, nor do I know the point of this exercise, but personally, I would deduct major points for turning in something with a security risk.

I figured out the issue after taking a quick look at the form, then a look at your code.

So this is what happens if you submit the form:

Since you are doing this for a class, I am not going to give you the solution, just point you in the right direction. Look at what I underlined in red and blue, then look at the request method. Notice how your form is sending a GET request.

Now, look at your code where you define this request:
<form action="post">

Then look at the documentation to see what you did wrong:

Official Docs:
https://html.spec.whatwg.org/#the-form-element

Docs that are more human-readable:

If you are really stuck, study this section:

When you see what you did you will be so mad, probably at yourself or your computer. Welcome to the world of web developing, this kind of thing happens a lot.

Forge_Face_The_Great · September 30, 2022, 11:55pm

Thank you so much! I changed action to method and then not even 5 seconds later you responded. Anyway, now when I hit the submit button it stays on the page and displays my warning message. So hopefully I’ll be able to get it working from here. If not I’ll be back. But thank you for the help and the links I’ll try to check them out.
Thank you!

Oxy · October 1, 2022, 5:51pm

As I said in the picture
you had form action = post (instead of method)

and it then figuratively called some file post and tried to pass data to it
so “post” appeared in the URL
and since it doesn’t exist, it led to a 404 page

Btw, is there a reason why you are asking for so much information during account creation?

the more PII you store, the more you have to worry about the security of that data (GDPR too)

Also you should find some source on the Internet that includes checking all these fields

with you, for example, in the field for the email address, it is enough to enter “1” or something else without checking whether there is an @ (valid address)

you should also block all special characters and allow only alphanumeric input

because otherwise someone will break into your DB or create incorrect data (corrupted) by entering wrong characters

system · October 8, 2022, 5:51pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.