i have just started php and html and i am creating a small game for personal use. Anyways, i wrote a script were you simply enter data to create an account and then you submit it:
<?php include 'header.php';
?>
<br>
<br>
<br>
<table border="1" align="center" cellpadding='25'>
<tr>
<td align='middle'>
<form method='POST' action='insertuser.php' align= 'right'>
Username: <input type='username' name='username'> <br>
Password: <input type='password' name='password'> <br>
Confirm Password: <input type='Password'> <br>
Email: <input type='username'> <br>
<input type='submit' name='submit' align = 'center'>
</td>
</tr>
</table>
<
<table align='right'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>
<table align='left'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>
</body>
</html>
then i created a database withh phpmyadmin and inside it i have a table called members. there are currently 4 tables inside the database, id, username, password, and rank. finally i created another script that inserts data the user entered into the database:
<?php
include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
mysql_query("INSERT INTO members Values ('','$username1','$password1','' ") or
die('could not insert member, please try again');
?>
its not done but its job is to insert data into the database. when i run the script it gives me this error:
Notice: Undefined index: username in E:\PortableApps\xampp-
portable\htdocs\xampp\insertuser.php on line 4
Notice: Undefined index: password in E:\PortableApps\xampp-
portable\htdocs\xampp\insertuser.php on line 5
could not insert member, please try again
What am i possibly doing wrong?
To avoid problems within your form, add </form> - tag and change to type='text'. the type-attribute tells what type of element, not what name the element is identified as. You have name-attribute for that.
<table border="1" align="center" cellpadding='25'>
<tr>
<td align='middle'>
<form method='POST' action='insertuser.php' align= 'right'>
Username: <input type='text' name='username'> <br>
Password: <input type='text' name='password'> <br>
Confirm Password: <input type='text' name='confirmPassword'> <br> <!-- changed name -->
Email: <input type='text' name='username'> <br>
<input type='submit' name='submit' align = 'center'>
</form> <!--added here -->
</td>
</tr>
</table>
Looking at your insertuser.php
<?php
include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
mysql_query("INSERT INTO members Values ('','$username1','$password1','' ") or
die('could not insert member, please try again');
?>
I notice some things. The first is the qutoes for the user of memberID? I guess that is and INt (probably autoincrement) and in that case you wouldn't have to include that field at all. Secondly you missed out a parenthesis in the actual insert-statement.
<?php
include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
mysql_query("INSERT INTO members Values ('$username1','$password1','')") or
die('could not insert member, please try again');
?>
And maybe the most important part is that you have to sanitize data so that unwanted data doesn't get to the database. The easisest check you can do (and should do) is to at least check if the elements are assigned:
<?php
include_once "mysqlconnecter.php";
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
if (isset($username1) && isset($password1)) { //Execute query only if username and password are given/exists
/* PUT IN CODE HERE
for sanizting username and password with certain rules
and comparing field password with confirmPassword
*/
mysql_query("INSERT INTO members Values ('$username1','$password1','')") or
die('could not insert member, please try again');
}
?>
In this way you shouldn't get those errors you're describing. Also check value of confirmPassword with password to see if they are equal (if you don't do that the confirmPassword-field is useless)
I would really recommend switching from mysql_* functions to PDO or mysqli, because mysql_* functions are deprecated (meaning that those functions won't work in the future).
You are using name="username" not username1 as in your PHP.
$username1 = $_POST['username'];
$password1 = $_POST['password'];
also the type is wrong.
You are accessing the wrong name in $_POST
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
Your type in your input tag should be "text":
Username: <input type='text' name='username'> <br>
And the name you are getting from $_POST has to match the name in your form:
$username1 = $_POST ['username'];
Change this:
$username1 = $_POST ['username1'];
$password1 = $_POST ['password1'];
Into this
$username1 = $_POST['username'];
$password1 = $_POST['password'];
The HTML form inputs are called 'username' and 'password', these names are passed to the $_POST variable.
Now, you don't sanitize your database inputs. Try creating a user named bobby'); DROP TABLE members;--. Be sure to back up the members table. (spoiler: it will drop your table)
For more information on how to prevent this, see How can I prevent SQL injection in PHP?
First of all,
There is no input type="username". What you should use is input type="text".
Secondly, there are no elements in the HTML form with their name attributes set to "username1" or "password1". I hope you have noticed that. So modify the PHP file accordingly.
And you'll face a lot of errors even after this. This is because before executing a MySQL query, you need to actually CONNECT to the database.
So read up a little bit, and only then try this out.
Cheers!
There is no errors in your posted code except a closing tag of form. I copied the same code and is working perfectly. What I changed is,
<html>
<head>
<title>Althaf</title>
</head>
<body bgcolor="gray">
<b>Welcome to <i>html</i></b><br>
<?php include 'header.php';
?>
<br>
<br>
<br>
<table border="1" align="center" cellpadding='25'>
<tr>
<td align='middle'>
<form method='POST' action='insertuser.php' align= 'right'>
Username: <input type='username' name='username'> <br>
Password: <input type='password' name='password'> <br>
Confirm Password: <input type='Password'> <br>
Email: <input type='username'> <br>
<input type='submit' name='submit' align = 'center'>
</td>
</tr>
</table>
</form><!-- Here was the missing tag-->
<table align='right'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>
<table align='left'>
<tr>
<td>
<image src='stillneedimage(square).jpg'>
</td>
</tr>
</table>
</body>
</html>
And in insertuser.php,
<?php
$username1 = $_POST ['username'];
$password1 = $_POST ['password'];
echo $username1;
echo $password1;
?>
I'm getting fields. So, may be further errors inside the DBconnecting php.