Getting PHP registration form to connect with MYSQL

Question

I'm building a test site and my test form is working fine. But when I submit my form it says "cannot find page". What am I doing wrong?

Code:

<?php

if(isset($_POST['username']) && isset($_POST['password']))
{
$db =connect('jsnow_jsnow','missysnow2005');
if($db!=false)
{
   register($db);
   echo "User registered";
} 

}

function connect($dbuser,$dbpassword)
{
    try{
        $db = new  PDO('mysql:host=localhost;dbname=jsnow_login',$dbuser,$dbpassword);
        return $db;
    }catch(PDOException $e){
        echo $e;
        return false;}
}

function register($db)
{
    $user = mysql_real_escape_string($_POST['username']);
    $password = sha1($_POST['password']);
    $email = mysql_real_escape_string($_POST['e_mail']);

    $query = "INSERT INTO members(username,password,email) values('".$user."','".$password."','".$email."')";
    try{
        $db->eginTransaction();
        $db->exec($query);
        $db->commit();
        echo "commit succesful";
    }catch(Exception $e){}
}

?>


<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="http://localhost/jsnow_login/registration.php" method="post">
username:<input type="text" name="username"/>
password:<input type="password" name="password"/>
email<input type="text" name="e_mail"/>
<input type="submit"/>

</form>


</body>
</html>

Can someone help me with this?

narikkadan · Answer 1 · Jun 2, 2022

The problem is that you are creating the PDO connection incorrectly.

Example connections:

$dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'password');

$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$dbh = new PDO($dsn, $user, $password);

$dsn = 'uri:file:///usr/local/dbconnect';
$dbh = new PDO($dsn, $user, $password);

To solve this what you have to do is, instead of using mysql_real_escape_string... since you're using PDO, you should bind your parameters to prevent SQL injection:

$result_set = $pdo->prepare("INSERT INTO `users` (`username`, `password`, `first_name`, `last_name`) 
                                VALUES (:username, :password, :first_name, :last_name)");
$result_set->execute(array(
    ':username' => $username, ':password' => $password,
    ':first_name' => $firstname, ':last_name' => $lastname
));

I hope this helps you.