I have created a simple form to create new users for a system I'm developing, but for some reason when the form is processed the field for "password" is not being stored in the database, or at least it appears that way, as the rest of the fields in the table are filled in, all bar the "password" field.
The code for the form is as follows:
<form action="create_admin.php" method="post" enctype="multipart/form-data">
<div style="float:left; width:45%">
<!-- username -->
<p>
<label>Username:</label><br/>
<input type="text" class="text small" name="username" id="username" value="" />
<span class="note">*required</span>
</p>
<!-- password -->
<p>
<label>Password:</label><br/>
<input type="text" class="text small" name="password" id="password" value="" />
<span class="note">*required</span>
</p>
<!-- other comments -->
</div>
<div style="width:45%;float:right">
<!-- user_id_account -->
<p>
<label>Position:</label><br/>
<select name="position" class="styled" style="width:240px">
<option value="0">n/a</option>
<option value="Design" >Design</option>
<option value="Development" >Development</option>
<option value="Sales" >Sales</option>
<option value="Management" >Management</option>
</select>
</p>
</div>
<p>
<input type="submit" class="submit long" value="Save and Return" name="submit" />
</p>
</form>
And the form processing code is as follows:
<?php require_once("includes/db_connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
if (isset($_POST['submit'])) {
//Process the form
$username = mysql_prep($_POST["username"]);
$password = $_POST["password"];
$position = $_POST["position"];
$query = "INSERT INTO admin (";
$query .= " username, password, position";
$query .= " ) VALUES (";
$query .= " '{$username}', '{$password}', '{$position}' ";
$query .= ")";
echo $query;
try {
$result = mysqli_query($connection, $query);
} catch (Exception $e) {
// PHP concatenates strings with ".", not "+"
return 'Caught exception: ' . $e->getMessage() . "\n";
}
//Test if there was a query error
if ($result) {
//Success
// would normally use a redirect ie redirect_to("somepage.php");
//$message = "Subject created.";
redirect_to("list_admins.php");
}else {
//failure
//$message = "Subject creation failed.";
//redirect_to("add_project.php");
echo $query;
}
} else {
// This is probably a GET request
redirect_to("add_admin.php");
}?>
<?php
// Close database connection
if(isset($connection)){ mysqli_close($connection); }
?>
I thought perhaps the problem was my SQL statement, but I've tried it from within phpMyAdmin and it seems fine. Can anyone shed some light as to where I might be going wrong here?
*Note: I realise I haven't set the password input to password, as I just want to save it as plaintext for the moment until I get everything working, and will add encryption to it at a later stage.
Your try-catch block won't throw anything. Try something like this to get your insert in properly. Also note that if you echo before, you can't redirect.
$query = "INSERT INTO admin ( username, password, position ) VALUES ( ?, ?, ? )";
echo $query; // <-- If you echo this, your php redirect won't work, unless you use Javascript
if($stmt = $connection->prepare($query)){
$stmt->bind_param('sss', $username, $password, $position);
$result = $stmt->execute();
$stmt->close();
}else die("Failed to prepare!");
If the problem is only with your password, please verify whether there is a mismatch between the datatype of the password field in the MySQL database and the input values.
After this first verification step, if the problem still persists, try to echo the password value in the processing page; if it is displayed correctly, experiment with the syntax.
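The points raised in the answers above (a prepared statement, a try/catch that has something to catch, no output before the redirect, a password column that fits what is stored) put together in one handler, as an added example that is not code from the question or from either answer. It assumes $connection and redirect_to() come from the question's include files and that admin.password is a VARCHAR(255) column; create_admin() is a hypothetical helper, and password_hash() is used here in place of the "encryption" the asker plans to add later.

```php
<?php
// Added example, not the poster's code. $connection and redirect_to() are
// assumed to come from the include files named in the question.
require_once("includes/db_connection.php");
require_once("includes/functions.php");

// Make mysqli throw mysqli_sql_exception on failure so try/catch can catch it.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function create_admin(mysqli $connection, array $post): void   // hypothetical helper
{
    $allowed_positions = ["0", "Design", "Development", "Sales", "Management"];
    $username = trim($post["username"] ?? "");
    $password = $post["password"] ?? "";
    $position = $post["position"] ?? "0";
    if ($username === "" || $password === "") {
        throw new InvalidArgumentException("Username and password are required.");
    }
    if (!in_array($position, $allowed_positions, true)) {
        throw new InvalidArgumentException("Unknown position.");
    }
    // Store a salted hash, never the plaintext. The column is assumed to be
    // VARCHAR(255); a narrower column would truncate or reject the hash.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep all three values out of the SQL text, so no mysql_prep().
    $stmt = $connection->prepare(
        "INSERT INTO admin (username, password, position) VALUES (?, ?, ?)"
    );
    $stmt->bind_param("sss", $username, $hash, $position);
    $stmt->execute();
    $stmt->close();
}

if (!isset($_POST["submit"])) {
    redirect_to("add_admin.php");   // probably a GET request
    exit;
}
try {
    create_admin($connection, $_POST);
    redirect_to("list_admins.php"); // nothing has been echoed, so the header works
} catch (Exception $e) {
    error_log("create_admin failed: " . $e->getMessage());
    http_response_code(500);
    echo "Could not create the user.";
} finally {
    mysqli_close($connection);
}
```

At login the stored value is checked with password_verify($submitted, $hash) rather than by comparing strings.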