Remove the "id" in your mysql query and the first comma in the values, like so:


See what happens now. Also, if that doesn't work, what error message do you get?

Ok well first of what's the point in escaping the users input after entering into a mysql query? kinda ruins the whole point of doing so, also there is problems with your mysql query itself and your code looks awfully messy, Definately look into mysqli or PDO.

Lets clear this up properly:


Adding to this you don't actually need to insert into the id if it's set to auto increment as mysql will do that all for you, the same applies to time-stamps set to current time-stamp as default. I'm just trying to promote good practice.

iyop45 wrote

Click to View Content

Ok well first of what's the point in escaping the users input after entering into a mysql query? kinda ruins the whole point of doing so, also there is problems with your mysql query itself and your code looks awfully messy, Definately look into mysqli or PDO.

Lets clear this up properly:


 <?php
define("HOST", "localhost");
define("USER", "root");
define("PASSWORD", "");
define("DATABASE", "login");
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
if(mysqli_connect_errno()){
    printf("DB error: %s", mysqli_connect_error());
    exit();
}

 $username = $_POST['username'];
 
 $password = $_POST['password'];
 $passwordch = $_POST['passwordch'] ;
 
 $email = $_POST['email'];
 $emailC = $_POST['emailc'];
 
 if($password != $passwordch && $email != $emailC){
   echo "do not match";
 }else{
   if($stmt = $mysqli->prepare("INSERT INTO users (username, password, email) VALUES (?,?,?)")){
      $stmt->bind_param('sss', $username, $password, $email);
      $stmt->execute();
      $stmt->close();
   }else{
      echo "error executing query";
   }
 }   
 ?>


Adding to this you don't actually need to insert into the id if it's set to auto increment as mysql will do that all for you, the same applies to time-stamps set to current time-stamp as default. I'm just trying to promote good practice.

In case he's actually going to use your code, you might want to change the logic operator AND to OR at the end as it will still execute the query if only one of those (email or password) is incorrect.

Nicasus wrote

iyop45 wrote

Click to View Content

Ok well first of what's the point in escaping the users input after entering into a mysql query? kinda ruins the whole point of doing so, also there is problems with your mysql query itself and your code looks awfully messy, Definately look into mysqli or PDO.

Lets clear this up properly:


 <?php
define("HOST", "localhost");
define("USER", "root");
define("PASSWORD", "");
define("DATABASE", "login");
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
if(mysqli_connect_errno()){
    printf("DB error: %s", mysqli_connect_error());
    exit();
}

 $username = $_POST['username'];
 
 $password = $_POST['password'];
 $passwordch = $_POST['passwordch'] ;
 
 $email = $_POST['email'];
 $emailC = $_POST['emailc'];
 
 if($password != $passwordch && $email != $emailC){
   echo "do not match";
 }else{
   if($stmt = $mysqli->prepare("INSERT INTO users (username, password, email) VALUES (?,?,?)")){
      $stmt->bind_param('sss', $username, $password, $email);
      $stmt->execute();
      $stmt->close();
   }else{
      echo "error executing query";
   }
 }   
 ?>


Adding to this you don't actually need to insert into the id if it's set to auto increment as mysql will do that all for you, the same applies to time-stamps set to current time-stamp as default. I'm just trying to promote good practice.

In case he's actually going to use your code, you might want to change the logic operator AND to OR at the end as it will still execute the query if only one of those (email or password) is incorrect.

Ah, I had a bit of a derp moment there my bad. It should be fine now.