PHP：将注册表单中的值插入 MySQL 表

Question

I'm very new to PHP and have to use it for school to make a prototype login/signup page. However I am having an issue inserting values from a sign up form into a MySQL database. I have created a customers table in a UTTCv5 schema on phpmyadmin. I sourced the code from this website https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php and edited it to add the first name and credit card number. However, when I complete and submit the form, the data is not added to the customers table.

config.php:

<?php
/* Database credentials */
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'utccv5');

/* Attempt to connect to MySQL database */
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
?>

register.php:

<?php
// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$username = $password = $first_name = $credit_card = "";
$username_err = $password_err = $first_name_err = $credit_card_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate email
    if(empty(trim($_POST["username"]))){
        $username_err = "Please your email.";
    } else{
        Prepare a select statement  
        $sql = "SELECT email FROM customers WHERE email = ?";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = trim($_POST["username"]);

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);

                if(mysqli_stmt_num_rows($stmt) == 1){
                    $username_err = "This email is already taken.";
                } else{
                    $username = trim($_POST["username"]);
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Validate password
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter a password.";     
    } elseif(strlen(trim($_POST["password"])) < 6){
        $password_err = "Password must have atleast 6 characters.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Validate first name
    if(empty(trim($_POST["first_name"]))){
        $first_name_err = "Please enter your first name.";     
    } elseif(strlen(trim($_POST["first_name"])) < 1){
        $first_name_err = "Your first name must have atleast 1 character.";
    } else{
        $first_name = trim($_POST["first_name"]);
    }

    // Validate credit
    if(empty(trim($_POST["credit_card"]))){
        $credit_card_err = "Please enter your credit card number.";     
    } elseif(strlen(trim($_POST["credit_card"])) < 16){
        $credit_card_err = "Your first name must have atleast 1 character.";
    } else{
        $credit_card = trim($_POST["credit_card"]);
    }



    // Check input errors before inserting in database
    if(empty($username_err) && empty($password_err) && empty($first_name_err) && empty($credit_card_err)){

        // Prepare an insert statement
        $sql = "INSERT INTO customers (username, password, first_name, credit_card) VALUES (?, ?, ?, ?, ?, ?)";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "ssss", $param_username, $param_password, $param_first_name, $param_credit_card);

            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
            $param_first_name = $first_name;
            $param_credit_card = $credit_card;

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to login page
                header("location: login.php");
            } else{
                echo "Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Close connection
    mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Sign Up</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Sign Up</h2>
        <p>Please fill this form to create an Under the Clock account.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                <label>Email</label>
                <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
                <span class="help-block"><?php echo $username_err; ?></span>
            </div>    
            <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
                <span class="help-block"><?php echo $password_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($first_name_err)) ? 'has-error' : ''; ?>">
                <label>First name</label>
                <input type="text" name="first_name" class="form-control" value="<?php echo $first_name; ?>">
                <span class="help-block"><?php echo $confirm_password_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($credit_card_err)) ? 'has-error' : ''; ?>">
                <label>Credit Card</label>
                <input type="text" name="credit_card" class="form-control" value="<?php echo $credit_card; ?>">
                <span class="help-block"><?php echo $credit_card_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <input type="reset" class="btn btn-default" value="Reset">
            </div>
            <p>Already have an account? <a href="login.php">Login here</a>.</p>
        </form>
    </div>    
</body>
</html>

Answer 1

Try to make these changes

1. Prepare a select statement it should be commented //Prepare a select statement

2. Check if your mysql user has insert permission. use this command: SHOW GRANTS FOR CURRENT_USER

Answer 2

First of all regarding mysql, you should not be using the root account in your scripts for security purposes and that may also be the cause due to server security restrictions.

Here you go on creating a new account & granting permissions

As @Jameel said you also need to comment non-PHP code by adding double forward slashes. I see they're there in some lines but not here

Prepare a select statement