I created a simple student registration form with php and it works fine in localhost, it pushes data in database with no problem, until i uploaded it to hosting where it started not to work.
here is the action.php
<?php
session_start();
include('db.php');
$nickname=$_POST['nickname'];
$result = "SELECT * FROM members WHERE nickname='".$nickname."'";
$member_result = mysqli_query($db, $result);
$count = mysqli_num_rows($member_result);
if ($count < 0 ) {
header("location: register.php?remarks=failed");
} else {
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];
$date = date("Y-m-d");
$fullname= $_POST['fullname'];
$former_school=$_POST['former_school'];
$address=$_POST['address'];
$nickname=$_POST['nickname'];
$guardian=$_POST['guardian'];
$referrer = $_POST['referrer'];
$query = "INSERT INTO members(date, fullname, former_school, address, nickname, guardian, referrer, month, day, year)VALUES ('".$date."', '".$fullname."', '".$former_school."','".$address."', '".$nickname."', '".$guardian."', '".$referrer."', '".$month."', '".$day."', '".$year."')";
$query_result = mysqli_query($db, $query);
header("location: register.php?remarks=success");
}
?>
and my database sql
CREATE TABLE `members` (
`mem_id` int(20) NOT NULL PRIMARY,
`month` varchar(25) COLLATE utf8_unicode_ci NOT NULL,
`year` int(25) NOT NULL,
`date` date NOT NULL,
`fullname` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`former_school` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`address` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`nickname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`guardian` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`referrer` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`mem_id`)
);
any comment and help is highly appreciated. Thank you.
In your table the day
is missing but you are inserting a day
in your INSERT
statement. This leads to a MYSQL Error.
Very very important note : Never do something like INSERT INTO table ... '".$_POST['anything']."'";
. Use prepared statements instead.
Using '; \\n DROP TABLE members; --
'; \\n DROP TABLE members; --
'; \\n DROP TABLE members; --
as the nickname in your form this will delete your whole database!
Also you can use mysqli_error()
instead of header()
for debugging. This will print you a nice error message where it sais something like "Column day
is not defined.".
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.