PHP Registration Form not saving

Question

I have a HTML Sign Up form that allows new users to be registered to the site.:

<form action="register.php" method="POST" class="register-form">
    <h1>Create Account</h1>
    <label>
        <span>First Name :</span>
        <input id="firstname" type="text" name="firstname" placeholder="Your First Name" autocomplete="off" required/>
    </label>
    <label>
        <span>Surname :</span>
        <input id="surname" type="text" name="surname" placeholder="Your Surname" autocomplete="off" required/>
    </label>
    <label>
        <span>Username :</span>
        <input id="username" type="text" name="username" placeholder="Your Chosen Username" autocomplete="off" required/>
    </label>
    <label>
        <span>Email :</span>
        <input id="email" type="email" name="email" placeholder="Your Email Address" autocomplete="off" required/>
    </label>
    <label>
        <span>Password :</span>
        <input id="password" type="password" name="password" placeholder="Your Chosen Password" autocomplete="off" required/>
    </label>
    <hr>
    <input name="action" type="hidden" value="signup" />
    <input type="submit" class="btn register btn-success btn-lg" name="submit" value="Register">

</form>

Which goes to register.php:

<?php
$connection = mysql_connect('localhost', 'root', 'password');
if (!$connection) {
    die("Database Connection Failed" . mysql_error());
}

$select_db = mysql_select_db('gmaps1');
if (!$select_db) {
    die("Database Selection Failed" . mysql_error());
}

// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])) {
    $firstname = $_POST['firstname'];
    $surname = $_POST['surname'];
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];


    $query = "INSERT INTO `users` (firstname, surname, username, password, email) VALUES ('$firstname', '$surname', '$username', '$password', '$email')";
    $result = mysql_query($query);
    if ($result) {
        header("Location: thank_you.html");
    } else {
        echo 'User Not Created';
    }
}
?>

But when I click the Register button it doesn't save the data and returns "User Not Created". Would it be better using MySQLi rather than MySQL or is there a better way for this to work??

Answer 1

Error checking solved my problem - "field 'active' doesn't have a default value"

There was an inactive field in the table 'Users'. I got rid of that and it works fine. It must have been added in by mistake.

Answer 2

• You don't get a "Database Connection Failed" so you sucessfully connected with the database
• Its better to use MySQLi or PDO (my choice)
• At least use mysql_real_escape and maybe a trim() but thats just a starting point when it comes to security
• check wether all your database fields are named exactly the way you are adressing them inside your Insert-Statement
• Do a echo $query , open phpMyAdmin (for example) and copy-paste the output inside the SQL field and send -> you may get a MySQL error you can analyse

• It's better to store passwords hashed. Try inserting MD5($password) (there are way better options!) and on login do compare:

  if(MD5($inputPassword) == $passwordhashFromDatabase){}