In general, what is the point. I have the code:

<?php if (isset($_POST['login']) && isset($_POST['password']) && isset($_POST['email']) && isset($_POST['phone']) && isset($_POST['token'])){ $login = $_POST['login']; $password = $_POST['password']; $email = $_POST['email']; $phone = $_POST['phone']; $subject = 'тут тема письма'; $message = 'тут текст письма'; $db_host = 'localhost'; $db_user = ''; $db_password = ''; $db_base = ''; $db_table = ''; $mysqli = new mysqli($db_host,$db_user,$db_password, $db_base); if ($mysqli->connect_error) { die('Ошибка : ('. $mysqli->connect_error .') '. $mysqli->connect_error); } $result = $mysqli->query("INSERT INTO ".$db_table." (login,password,email,phone) VALUES ('$login','$password','$email','$phone')"); if ($result == true){ echo 'Информация занесена в базу данных, на указаный вами e-mail был выслат уникальный код, сохраните его, пожалуйста..'; }else{ echo 'Информация не занесена в базу данных. ', $mysqli->error; } } mysqli_close($mysqli); mail($email, $subject, $message) ?>

If you write 123 in all fields, then the correct 123 went to the database. And if you write your nickname, password, mail, phone in the fields, then when you enter the database in all the fields except the phone, it costs 0, and in the phone field there are digits Obviously, they do not coincide with those that I put in the field. Help knowledgeable

  • Please do not write PHP variables inside SQL queries. It's not safe. - mymedia
  • show the table structure - Novitskiy Denis
  • It? ibb.co/gYX0AK I forgot to add a token field to the php file code, added - nothing has changed, the field is still 0. UPD. My guess is an error in the type of columns in the table. Right? - lexani42
  • ))) All fields in the database are numeric !! Of course there will not get a single letter !! and still - at you $ message variable WHERE is formed ?? it is necessary to form it, otherwise the script fails. And in general, where did this product go? there is no protection against injection, the if (isset ...) {} condition must be turned on and sent to the mail!. And your sending (or rather, sending attempt) goes anyway, while the variables are not defined !!! - Sergey V.
  • "was sent" +1! - Igor

1 answer 1

 $db_host = 'localhost'; $db_user = ''; $db_password = ''; $db_base = ''; $ = '';

Parameters for connecting to the database are not specified, and for the operation of variables in quotes they must be enclosed in double ".

 $result = $mysqli->query("INSERT INTO ".$db_table." (login,password,email,phone) VALUES ('$login','$password','$email','$phone')");