PHP not adding information to my database

General PHP Help
#1

I have an assignment due in 2 days and I’m tearing my hair out because I have been stuck on this same problem for 3 days now… does anyone know why this won’t work?

This is for a registration form…

<?php

if (isset($_POST['register-submit'])) {

    require 'connect.inc.php';

    $FirstName = $_POST['FirstName'];

    $LastName = $_POST['LastName'];

    $HouseNumber = $_POST['HouseNumber'];

    $Street = $_POST['Street'];

    $TownCity = $_POST['TownCity'];

    $Postcode = $_POST['Postcode'];

    $Phone = $_POST['Phone'];

    $Email = $_POST['Email'];

    $Password = $_POST['Password'];

    $PasswordRepeat = $_POST['Password-Repeat'];

    if (empty($FirstName)

        || empty($LastName)

        || empty($HouseNumber)

        || empty($Street)

        || empty($TownCity)

        || empty($Postcode)

        || empty($Phone)

        || empty($Email)

        || empty($Password)

        || empty($PasswordRepeat)) {

        header("Location: ../register.php?error=empty_fields&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone . "&Email=" . $Email);

        exit();

// Valid Email Check

    } else if (!filter_var($Email, FILTER_SANITIZE_EMAIL)) {

        header("Location: ../register.php?error=invalid_email&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);

        exit();

    } else if (!filter_var($Email, FILTER_VALIDATE_EMAIL)) {

        header("Location: ../register.php?error=invalid_email&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);

        exit();

// Password Match Check

    } else if ($Password !== $PasswordRepeat) {

        header("Location: ../register.php?error=check_password&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);

        exit();

// Email Already Exists Check

    } else {

        $sql = "SELECT Email FROM users WHERE Email = ?";

        echo $sql;

        $stmt = mysqli_stmt_init($conn);

        if (!mysqli_stmt_prepare($stmt, $sql)) {

            header("Location: ../register.php?error=sqlerror");

            exit();

        } else {

            mysqli_stmt_bind_param($stmt, 's', $Email);

            mysqli_stmt_execute($stmt);

            mysqli_stmt_store_result($stmt);

            $resultCheck = mysqli_stmt_num_rows($stmt);

            if ($resultCheck > 0) {

                header("Location: ../register.php?error=email_already_registered&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);

                exit();

            } else {

                // INSERT INTO address

                $sql = "INSERT INTO address (HouseNumber, Street, TownCity, Postcode) VALUES (?, ?, ?, ?)";

                $stmt = $conn->mysqli_stmt_init($sqlinsert);

                if (!mysqli_stmt_prepare($stmt, $sql)) {

                    header("Location: ../register.php?error=sqlerror=insert_into_address");

                    exit();

                } else {

                    mysqli_stmt_bind_param($stmt, "ssss", $HouseNumber, $Street, $TownCity, $Postcode);

                    mysqli_stmt_execute($stmt);

                    $latest_id = $conn->insert_id;

                    echo "Insert successful. Latest ID is: " . $latest_id;

                }

                // INSERT INTO users

                $sql = "INSERT INTO users (FirstName, LastName, AddressID, Phone, Email, Password) VALUES (?, ?, '$latest_id', ?, ?, ?)";

                $stmt = mysqli_stmt_init($conn);

                if (!mysqli_stmt_prepare($stmt, $sql)) {

                    header("Location: ../register.php?error=sqlerror=insert_into_users");

                    exit();

                } else {

                    $hashedPassword = password_hash($Password, PASSWORD_DEFAULT);

                    mysqli_stmt_bind_param($stmt, "ssisss", $FirstName, $LastName, $AddressID, $Phone, $Email, $hashedPassword);

                    mysqli_stmt_execute($stmt);

                    header("Location: ../register.php?registered=true");

                    exit();

                }

            }

        }

    }

    mysqli_stmt_close($stmt);

    mysqli_close($conn);

}
#2

What symptom or error are you getting that leads you to believe it won’t work? We are not sitting there with you and don’t know what you saw that would narrow down the dozen possibilities to a few that could be investigated further.

Whoever has been teaching you has not taught you good programming practices that will result in simple code that will either work or will tell you why it doesn’t work. You have 2+ times too much code, mainly because the form and the form processing code are not on the same page. Also, the address is related to the user, the user is not related to the address. You should insert the user information first, then use the last insert id from that query in the address query to relate the address back to the user.

Here’s what your form processing code should be doing -

  1. Detect if a post method form was submitted.
  2. Trim all the input data at one time, using one single statement.
  3. Validate all the inputs at one time, storing validation errors in an array, using the field name as the array index.
  4. If there are no validation errors (the array holding the errors is empty), use the submitted form data.
  5. Insert the user data, then insert the address data.
  6. Don’t try to SELECT the email address to decided if it already exists. Instead, define the email column as a unique index, just attempt to insert the data, and detect if there was a duplicate key error.
  7. Don’t tell the visitor if a database error occurred. Instead, use exceptions for errors for all the database statements that can fail - connection, query, prepare, and execute, and in most cases let php catch and handle the exception, where it will use its error related settings to control what happens with the actual error information. You can then remove all the existing error handling logic that you have now.
  8. Switch to the much simpler and more consistent PDO extension. Over half of the database related php statements will go away.
  9. Php will destroy all resources used on a page, so in most cases you don’t need to close prepared statements or close the database connection.
  10. By putting the form on the same page with the form processing code, all those redirects are eliminated. You can simply display all the validation errors when you re-display the form, and re-populate the form field values with the submitted form data.
  11. Edit, in looking at the code closer, you probably don’t have php’s error related settings set up so that php will help you. There are some problems that would be producing php errors. Find the php.ini that php is using and set error_reporting to E_ALL and set display_errors to ON. You may need to re-start your web server to get any changes made to the php.ini to take effect.
#3

Another recommendation would be to start small. with only one form field per table, such as the email and the house number. Once you get your program logic to work correctly for those fields, you can worry about the code needed for all the other fields.

Also, the two insert queries must be handled using a transaction so that if one of them fails, the data for both will be rolled back.

Sponsor our Newsletter | Privacy Policy | Terms of Service