I have been looking for an answer on the search but have not found it. So here are the facts.
$link is the connection in another file.

Problem 1: I am unable to insert the data into the database.
Problem 2: If possible, I would like to know how to make the password and the INSERT of data more secure, as I've been told that this is not the proper way to do this. The problem? I don't know where to start in order to learn proper securing techniques; if possible, I'm willing to pay for services just to secure the connections.
I hope I am not breaking the rules, and if I am, I just ask that you point me in the right direction. I have been trying to code for a while now, but it is hard here in Hawaii with very limited coders to walk me through, and that's an understatement. I am currently on Treehouse and Udemy but so far no luck. The code below is from Udemy; I just added validation through trial and error. Thank you.
Bootstrap form, beginning and end only because of length:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<button type="submit" class="btn btn-primary" value="register">Register</button>
<?php
session_start();
if (isset($_GET['logout'], $_SESSION['id']) && $_GET['logout'] == 1) {
    // if both the GET logout flag and the session id exist, and logout equals 1
    session_destroy();
    header('Location: ../logout.php');
    exit; // stop executing the rest of the page after the redirect
}
include 'core/connection.php';
$error = "";
if (isset($_POST['submit']) && ($_POST['submit'] === "register")) {
    if (!$_POST['first_name']) $error .= "<br />Please enter your first name";
    else {
        if (!preg_match("/^[- '\p{L}]+$/u", $_POST['first_name'])) $error .= "<br />First name may only contain letters";
    }
    if (!$_POST['last_name']) $error .= "<br />Please enter your last name";
    else {
        if (!preg_match("/^[- '\p{L}]+$/u", $_POST['last_name'])) $error .= "<br />Last name may only contain letters";
    }
    if (!$_POST['email']) $error .= "<br />Please enter your email";
    else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) $error .= "<br />Please enter a valid email address";
    if ($_POST['email'] !== $_POST['confirm_email']) $error .= "<br />Your email addresses do not match.";
    if (!$_POST['password']) $error .= "<br />Please enter your password";
    else {
        if (strlen($_POST['password']) < 8) $error .= "<br />Please enter a password with at least 8 characters";
        if (!preg_match('`[A-Z]`', $_POST['password'])) $error .= "<br />Please enter at least 1 capital letter";
    }
    if ($_POST['password'] !== $_POST['confirmPassword']) $error .= "<br />Your passwords do not match.";
    if (!$_POST['dob_month']) $error .= "<br />Invalid date of birth (month)";
    if (!$_POST['dob_day']) $error .= "<br />Invalid date of birth (day)";
    if (!$_POST['dob_year']) $error .= "<br />Invalid date of birth (year)";
    if (!$_POST['gender']) $error .= "<br />Please select your gender";
    if (!$_POST['state']) $error .= "<br />Please select your country and state";
    if ($error) $error = "<strong>There were error(s) in your registration:</strong><br />" . $error;
    else {
        $query = "SELECT * FROM `registered_users` WHERE email='" . mysqli_real_escape_string($link, $_POST['email']) . "'";
        $result = mysqli_query($link, $query);
        $results = mysqli_num_rows($result);
        if ($results) $error = "That email address is already registered";
        else {
            $query = "INSERT INTO `registered_users` (`first_name`, `last_name`, `email`, `password`, `dob_month`, `dob_day`, `dob_year`, `gender`, `country`, `state`)"
                . " VALUES('" . mysqli_real_escape_string($link, $_POST['first_name']) . "','" . mysqli_real_escape_string($link, $_POST['last_name']) . "','" . mysqli_real_escape_string($link, $_POST['email']) . "', '" . md5(md5($_POST['email']) . $_POST['password']) . "','" . mysqli_real_escape_string($link, $_POST['dob_month']) . "','" . mysqli_real_escape_string($link, $_POST['dob_day']) . "','" . mysqli_real_escape_string($link, $_POST['dob_year']) . "', '" . mysqli_real_escape_string($link, $_POST['gender']) . "', '" . mysqli_real_escape_string($link, $_POST['country']) . "','" . mysqli_real_escape_string($link, $_POST['state']) . "')";
            mysqli_query($link, $query);
            $_SESSION['id'] = mysqli_insert_id($link);
            header("Location: user_dashboard.php");
            exit;
        }
    }
}
$loginerror = "";
if (isset($_POST['submit']) && ($_POST['submit'] === "Sign In")) {
    $query = "SELECT * FROM `registered_users` WHERE email='" . mysqli_real_escape_string($link, $_POST['loginemail']) . "' AND password='" . md5(md5($_POST['loginemail']) . $_POST['loginpassword']) . "' LIMIT 1";
    $result = mysqli_query($link, $query);
    $row = mysqli_fetch_array($result);
    if ($row) {
        $_SESSION['id'] = $row['id'];
        header("Location: user_dashboard.php");
        exit;
    } else {
        $loginerror = "We could not find a user with that email and password. Please try again.";
    }
}
?>
Answer 0 (score: 1)

The button is missing name='submit'. This:

<button type="submit" class="btn btn-primary" value="register">Register</button>

should look like:

<button type="submit" name='submit' class="btn btn-primary" value="register">Register</button>
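For the second part of the question (a safer password store and INSERT), here is an added example that is not the asker's code or the answerer's: it replaces the md5(md5(email).password) scheme with password_hash()/password_verify() and the string-concatenated queries with mysqli prepared statements, so user input is bound as a parameter instead of being escaped into the SQL text. It assumes $link is the mysqli connection from core/connection.php and the registered_users table from the question; $f is a hypothetical array holding the already-validated form values.

```php
<?php
// Added example (not the asker's code). Assumes $link is a mysqli connection
// and the registered_users table from the question; $f holds validated form values.

// Register: returns the new user id, or null if the email is already taken.
function register_user(mysqli $link, array $f): ?int {
    // Prepared statement: the email is bound, never concatenated into the SQL.
    $stmt = $link->prepare("SELECT id FROM `registered_users` WHERE email = ? LIMIT 1");
    $stmt->bind_param("s", $f['email']);
    $stmt->execute();
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();
    if ($taken) {
        return null;
    }

    // Salted, slow hash; the algorithm and salt are stored inside the hash string,
    // so nothing about the email needs to be mixed in by hand.
    $hash = password_hash($f['password'], PASSWORD_DEFAULT);

    $stmt = $link->prepare(
        "INSERT INTO `registered_users`
         (`first_name`, `last_name`, `email`, `password`, `dob_month`, `dob_day`,
          `dob_year`, `gender`, `country`, `state`)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );
    // All bound as strings since the column types are not shown in the question.
    $stmt->bind_param("ssssssssss", $f['first_name'], $f['last_name'], $f['email'], $hash,
        $f['dob_month'], $f['dob_day'], $f['dob_year'], $f['gender'], $f['country'], $f['state']);
    $stmt->execute();
    $id = $link->insert_id;
    $stmt->close();
    return $id;
}

// Login: returns the user id, or null. The password is checked in PHP, not in SQL,
// so the stored hash never has to be recomputed inside the query.
function login_user(mysqli $link, string $email, string $password): ?int {
    $stmt = $link->prepare("SELECT id, password FROM `registered_users` WHERE email = ? LIMIT 1");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();
    $stmt->close();
    // password_verify() reads the algorithm and salt out of the stored hash.
    if ($found && password_verify($password, $hash)) {
        return $id;
    }
    return null;
}
```

Existing rows hashed with the md5 scheme will not verify against password_verify(); they need to be re-hashed when those users next log in successfully.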