Registration PHP Code error - php

I am facing an error while completing my registration system. My database connection is working properly.
Registration PHP Code:
require 'db.php';
$message = '';
if(!empty($_POST['full_name']) && !empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['confirm_password'])):
// Enter the new user in the database
$sql = "INSERT INTO users (full_name, email, username, password) VALUES (:email, :password)";
$stmt = $con->prepare($sql);
$stmt->bindParam(':email', $_POST['full_name']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':email', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ):
header('Location: index.php');
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;


You are binding parameters for values which you have not included in the query,
change,
$sql = "INSERT INTO users (full_name, email, username, password) VALUES (:email, :password)";
to,
$sql = "INSERT INTO users (full_name, email, username, password) VALUES (:full_name, :email, :username, :password)";
and change,
$stmt->bindParam(':email', $_POST['full_name']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':email', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
to,
$stmt->bindParam(':full_name', $_POST['full_name']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
Now you are actually passing the correct values to the query.
Take note of the following:
Ensure you are validating/sanitizing your user input.
Ensure that you use exit with header to prevent errors.
You are setting the value of $message but not outputting it.

Related

PHP Notice: Only variables should be passed by reference in Error [duplicate]

I'm practicing building a PHP registration form script for a website. I have done this code, but when I click the submit button I get the notice: Only variables should be passed by reference in line 13, and I'm stuck on what to do here. Any help is greatly appreciated, again I'm not a PHP expert.
<?php
require 'database.php';
if(!empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password'])):
//Enter the new user into the database
$sql = "INSERT INTO users (email, username, password) VALUES (:email, :username, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if($stmt->execute() ):
die('Success');
else:
die('Fail');
endif;
endif;
?>
here

change this
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
to this
$email = $_POST['email'];
$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password',$password);
the error message is clear though you need to assign those values into variables then pass them

$result->bindParam(':id', $id, PDO::PARAM_INT);
if string, you need write:
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);

How can I check if a user exists with PDO?

My PDO query is not working for some reason, the page itself doesn't seem to have any error, I've been trying to fix this for like 2 months and nothing worked, I got this "final" code which not seems to have any errors and it's still not working.
<?php
require 'database.php';
$message = '';
if (!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['phone']) && !empty($_POST['password'])) {
$sql = "INSERT INTO users (username, email, phone, password) VALUES (:username, :email, :phone, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':phone', $_POST['phone']);
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password', $password);
$query = $con->prepare("SELECT username FROM users WHERE username = :username");
$query->bindParam(':username', $_POST['username']);
$query->execute();
if($query->rowCount() > 0){
?> Este usuario ya existe <?php
}
else {
if($stmt->execute()) {
header('Location: login.php');
}
else {
echo "OcurriĆ³ un error";
}
}
}
?>

I suppose that it's because you have used a inapropriate variable.
in initialisation of $stmt you used $conn and in $query you used $con
make sure to the rigth varaible

Seeing whether the email used is in the database - PHP

I'm attempting to access my database to see if the email has been
used previously. All my attempts have failed. I can get the form to
enter the information into the database but that is it. I'm very new
to PHP so any help is appreciated.
<?php
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$sql = "INSERT INTO noodles_gamification (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ){;
$message = 'Successfully created new user';
}else {
$stmt = $conn->prepare('SELECT email FROM noodles_gamification WHERE email = :email');
$stmt->execute(array(':email' => $_POST['email']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'email provided is already in use.';
}
}
endif;
?>

I think you need to check if email is already exist or not before inserting new record to database Just modify your if condition some think like
<?php
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$stmt = $conn->prepare('SELECT email FROM noodles_gamification WHERE email = :email');
$stmt->execute(array(':email' => $_POST['email']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'email provided is already in use.';
} else {
$sql = "INSERT INTO noodles_gamification (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ){;
$message = 'Successfully created new user';
}
}
else {
}
endif;
?>

Only variables should be passed by reference in... on line 13 Fail

I'm practicing building a PHP registration form script for a website. I have done this code, but when I click the submit button I get the notice: Only variables should be passed by reference in line 13, and I'm stuck on what to do here. Any help is greatly appreciated, again I'm not a PHP expert.
<?php
require 'database.php';
if(!empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password'])):
//Enter the new user into the database
$sql = "INSERT INTO users (email, username, password) VALUES (:email, :username, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if($stmt->execute() ):
die('Success');
else:
die('Fail');
endif;
endif;
?>
here

change this
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
to this
$email = $_POST['email'];
$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password',$password);
the error message is clear though you need to assign those values into variables then pass them

$result->bindParam(':id', $id, PDO::PARAM_INT);
if string, you need write:
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);

Check if the email exists using pdo

This is the section I use to add users.
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: ./index.php");
}
require 'conn.php';
$message = '';
if(!empty($_POST['name']) &&!empty($_POST['email']) && !empty($_POST['password'])):
// Enter the new user in the database
$sql = "INSERT INTO users (name, email, password) VALUES (:name,:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindValue(':name', $_POST['name']);
$stmt->bindValue(':email', $_POST['email']);
$stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>

I personally do it by using a query and an if statement
$query = $conn->prepare("SELECT * FROM users WHERE email = :email");
$query->bindParam(':email', $_POST['email']);
if ($query->rowcount() = 0)
{
// insert account into database
}
else {
// display error message
}

To check if the email exists or not, you have to write a query whether that email is stored in the database. If the query result is not empty, you can show a message that the email exists. If the query result is empty, you can make him a new user.
For that you have to write this query
$sql="select name from user where email='$email'";
$stmt = $conn->prepare($sql);
if ($stmt->rowcount() = 0)
{
$sql = "INSERT INTO users (name, email, password) VALUES (:name,:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindValue(':name', $_POST['name']);
$stmt->bindValue(':email', $_POST['email']);
$stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
}
else {
$msg="Email already exists";
}

Categories