Posting Data to a Database2

#1 
<?php
session_start();
include("connection.php");
include("functions.php");

if($_SERVER['REQUEST_Method'] == "POST")
{
    $full_name = $_POST['full_name'];
    $employee_id = $_POST['employee_id'];
    $branch_id = $_POST['branch_id'];
    $password = $_POST['password'];
    $confirm_password = $_POST['confirmpassword'];

        $user_id = random_num(20)
        $sql = "INSERT INTO Users (user_id,full_name,employee_id,branch_id,password,confirm_password) values ('user_id','$full_name','$employee_id','$branch_id','$password','$confirm_password')";
        
        mysqli_query($conn,$sql);

        header(Location:index.php)
        die;
   
}

Parse error : syntax error, unexpected variable “$sql” in C:\xampp\htdocs\practise2\signup.php on line 15

#2

There are so many problems with this code that I will assume it is for a classroom task.

First, you can NOT use random numbers to create a user_id with. The reason is that you might try to insert the same user_id and that would wreck your database table! You should use an auto-increment field instead and let the database create it for you. OR, you can use a standard GUID function to create one. Either way, if you created an user_id, you need to have it unique or let the database make it up for you.

Secondly, you do not show any error-checking at any of the steps to insure the data is valid.

Next, you check to see if the form is posted, but, you do not check for the correct button being pressed. Normally, you check for the form being posted and then which button was pressed. To allow the user to submit the form or cancel it or other such buttons.

Lastly, your error in this code as-is, is because you left off a semi-colon after you created the badly formed $user_id… So, it never creates the $sql variable…

Hope these comments help…

#3

First of all, I hope that this code is for a class assignment and not code you plan to use in real life. There are a lot of problems with this code! The main ones are:

  1. Do not, ever, ever, ever save passwords the way you do. No mySql has is good enough. PHP has its own way of hashing passwords which is much more secure. Please read about password_hash and its counterpart password_verify.

  2. You are creating the user ID by generating a random number. That really isn’t the best way to do it. Please let the database handle this for you by making the column ‘user_id’ a primary key with auto_increment. Using random_num gives the very likely possibility that you’ll end up with duplicate id’s. Using auto increment will negate that.

  3. You have no form validation. Meaning, you do not check if any of the values the user posts in the form, is what you actually want. Right now, people can insert anything and everything they want, including SQL code which can wreak your database. I suggest you read up on SQL Injection

  4. You have no error checking in your code. You execute the query, but you have no idea if there was an error.

The error you got on line 15 is because of a missing semicolon after random_num(20). But that really isn’t your biggest problem. Read up on the things I mentioned. If you have specific questions about that, we are here to help!

#4

BFlokstra??? You just recapped everything that I said…

Sponsor our Newsletter | Privacy Policy | Terms of Service