This question already has an answer here:
The script appears to make sense and I am not getting any errors returned but the data from the form on my website is not being inserted into my database table and I don't know why. This is being tested on WAMP at the moment. The database and table name are correct, so is the password.
I've tried changing the code to do just a straightfoward insert without the hash function. Example, by assigning each post a variable name and then using the name in the insert query. Even that doesn't work.
<?php
// Change this to your connection info.
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = 'PASSWORD';
$DB_NAME = 'DB NAME';
// Try and connect using the info above.
$mysqli = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ($mysqli->connect_errno) {
// If there is an error with the connection, stop the script and display the error.
die ('Failed to connect to MySQL: ' . $mysqli->connect_errno);
}
// Now we check if the data was submitted, isset will check if the data exists.
if (!isset($_POST['username'], $_POST['password'], $_POST['email'])) {
// Could not get the data that should have been sent.
die ('Please complete the registration form!<br><a href="register.php">Back</a>');
}
// Make sure the submitted registration values are not empty.
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
// One or more values are empty...
die ('Please complete the registration form!<br><a href="register.php">Back</a>');
}
// We need to check if the account with that username exists
if ($stmt = $mysqli->prepare('SELECT id, password FROM user WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
// Username already exists
echo 'Username exists, please choose another!<br><a href="register.php">Back</a>';
} else {
// Username doesnt exists, insert new account
if ($stmt = $mysqli->prepare('INSERT INTO user (username, password, email) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt->bind_param('sss', $_POST['username'], $password, $_POST['email']);
$stmt->execute();
echo 'You have successfully registered, you can now login!<br><a href="login.php">Login</a>';
} else {
echo 'Could not prepare statement!';
}
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
$mysqli->close();
?>
The script echos 'You have successfully registered, you can now login!
Login' but when I check my database table nothing has been inserted...
</div>
