Why is the user's data not being added to the database?

S

Sofia Platonova2021-08-06 21:48:35

PHP

Sofia Platonova, 2021-08-06 21:48:35

When the "Save" button (type button, not submit) is clicked, the form is validated. If all fields are filled, the form data must be submitted to the database, otherwise the fields are highlighted and a message appears. The check is performed correctly, but nothing appears in the database, although it is accessed, but the data is not saved. What is the problem?
registration.php

<form name="form" action="check_registration.php" method="post">
        <input type="text" name="name" class="reg_form" id="name" placeholder="ФИО" /><br />
        <input type="text" name="login" class="reg_form" id="login" placeholder="Логин" /><br />
        <input type="password" name="password" class="reg_form" id="password" placeholder="Пароль" /><br />
        <input type="text" name="dob" class="reg_form" id="dob" placeholder="Дата рождения" /><br />
        <select name="region" class="reg_form" id="region">
          <option disabled selected value="null">Регион</option>
          <option value="MO">Московская область</option>
          <option value="LO">Ленинградская область</option>
          <option value="RT">Республика Татарстан</option>
        </select><br />
        <input type="text" name="telephone" class="reg_form" id="telephone" placeholder="Телефон" /><br />
        <input type="email" name="email" class="reg_form" id="email" placeholder="Email" /><br />
        <input type="button" name="save" class="reg_form" id="save" value="Сохранить" />
      </form>

registration.js

$(document).ready(function() {
    $("#save").on("click", function() {
                let name = $("#name").val();
    let login = $("#login").val();
    let password = $("#password").val();
    let dob = $("#dob").val();
    let region = $("#region").val();
    let telephone = $("#telephone").val();
    let email = $("#email").val();
    let counter = 0;
    if (name == "" || name == " ") {
      $("#name").css("border-color", "red");
      counter++;
    };
    if (login == "" || login == " ") {
      $("#login").css("border-color", "red");
      counter++;
    };
    if (password == "" || password == " ") {
      $("#password").css("border-color", "red");
      counter++;
    };
    if (dob == "") {
      $("#dob").css("border-color", "red");
      counter++;
    }
    if (region == null) {
      $("#region").css("border-color", "red");
      counter++;
    };
    if (telephone == "" || telephone == "+7") {
      $("#telephone").css("border-color", "red");
      counter++;
    };
    if (email == "" || email == " ") {
      $("#email").css("border-color", "red");
      counter++;
    };
    if (counter == 0) {
      $("form[name='form']").submit();
    };
    });
});

check_registration.php

<?php
  $login = $_POST['login'];
  $name = $_POST['name'];
  $password = $_POST['password'];
  $dob = $_POST['dob'];
  $region = $_POST['region'];
  $telephone = $_POST['telephone'];
  $email = $_POST['email'];
  $password = md5($password."usyvi462");
  $mysql = new mysqli("localhost", "root", "root", "medixer");
  $mysql->query("SET NAMES 'utf8'");
  $mysql->query("INSERT INTO `users` (`login_user`, `name`, `password`, `dob`, `region`, `telephone`, `email`) VALUES('$login', '$name', '$password', '$dob', '$region', '$telephone', '$email')");
  $mysql->close();
  header("Location: index.php");
?>

* If there are suggestions with a submit button, not a button, please, the main thing is that the form validation works and, as a result of finding an error, the form submission is canceled. But it's better not to change the type of the button if this is not a major mistake!
** I read somewhere that .submit() can conflict with method=""

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

ThunderCat, 2021-08-06
@SophiaS

How to act (in principle, always):
1) Check that the form works and makes a request: open the developer console in the browser - network, submit the form - see that the form has made a request to the server. If you didn’t, we sort out in the console what errors with scripts and fix everything.
2) In the sent request, we look at the data that the script sends, as well as the server response, for errors. If there are errors, we fix them.
3) Check the data that came to the server, do var_dump($_POST), see if it came to the server. If something did not come, we return to the front and look for an error in the html markup and form.
4) Correct data firstwe insert it into a separate variable as a query string, and then we pass it to $mysql->query() for execution. Thus, before executing the query, you can use the same var_dump() to display the query and check it visually for correctness, or insert it manually into the database through phpmyadmin or another database tool. View errors - correct.
5) In all cases, prepared expressions must be used. The code will be 3 lines longer, but 90% better.
Profit.

S

Sergey Sokolov, 2021-08-06
@sergiks

So you can't insert data into the database. Undesirable even on a local server for educational purposes. This is an open door for SQL injection. It's better to bind parameters like this:

$mysql = new mysqli("localhost", "root", "root", "medixer");
$mysql->set_charset("utf8");

$stmt = $conn->prepare("INSERT INTO `users` (`login_user`, `name`, `password`, `dob`, `region`, `telephone`, `email`) VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssss", $login, $name, $password, $dob, $region, $telephone, $email);
$stmt->execute();

$mysql->close();