I'm trying to implement the function where it will check whether if the user already exists in my database be for it will insert all the registration data but it doesn't seem to work =( could someone please help me identify where the error is. really appreciate all the answer in advance.
<?php
require '../ppuyakul/php/db_conn.php';
$message = '';
//Prepare date
$DOB = date("Y-m-d", strtotime( $_POST['year'].'-'. $_POST['month'].'-'. $_POST['day']));
$accessType = "0";
//Check enpty field
if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['fullname']) && !empty($_POST['username']) && !empty($_POST['password_confirmation']) && !empty($_POST['gender']) && !empty($_POST['country']) && !empty($_POST['state']) && !empty($_POST['city']) && !empty($_POST['day']) && !empty($_POST['month']) && !empty($_POST['year'])):
// Enter the new user in the database
$sql = "INSERT INTO assignment2 (fullname, username, email, password, gender, country, state, city, DOB, type) VALUES (:fullname, :username, :email, :password, :gender, :country, :state, :city, :DOB, :type)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':fullname', $_POST['fullname']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':gender', $_POST['gender']);
$stmt->bindParam(':country', $_POST['country']);
$stmt->bindParam(':state', $_POST['state']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':DOB', $DOB);
$stmt->bindParam(':type', $accessType);
$chk = $conn->prepare("SELECT username FROM assignment2 WHERE username = :name");
$chk->bindParam(':name', $username);
$chk->execute();
if($chk->rowCount() > 0):
$message = 'Error ! ! User already exists';
else:
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
endif;
?>
According to #Paul T. I finally found the solution here is the final code, thanks so much again for your help #Paul T.
$username = $_POST['username'];
$chk = $conn->prepare("SELECT username FROM assignment2 WHERE username = :name");
$chk->bindParam(':name', $username);
$chk->execute();
if($chk->rowCount() > 0):
$message = 'Error ! ! User already exists';
else:
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
endif;
Related
My PDO query is not working for some reason, the page itself doesn't seem to have any error, I've been trying to fix this for like 2 months and nothing worked, I got this "final" code which not seems to have any errors and it's still not working.
<?php
require 'database.php';
$message = '';
if (!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['phone']) && !empty($_POST['password'])) {
$sql = "INSERT INTO users (username, email, phone, password) VALUES (:username, :email, :phone, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':phone', $_POST['phone']);
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password', $password);
$query = $con->prepare("SELECT username FROM users WHERE username = :username");
$query->bindParam(':username', $_POST['username']);
$query->execute();
if($query->rowCount() > 0){
?> Este usuario ya existe <?php
}
else {
if($stmt->execute()) {
header('Location: login.php');
}
else {
echo "OcurriĆ³ un error";
}
}
}
?>
I suppose that it's because you have used a inapropriate variable.
in initialisation of $stmt you used $conn and in $query you used $con
make sure to the rigth varaible
I'm attempting to access my database to see if the email has been
used previously. All my attempts have failed. I can get the form to
enter the information into the database but that is it. I'm very new
to PHP so any help is appreciated.
<?php
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$sql = "INSERT INTO noodles_gamification (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ){;
$message = 'Successfully created new user';
}else {
$stmt = $conn->prepare('SELECT email FROM noodles_gamification WHERE email = :email');
$stmt->execute(array(':email' => $_POST['email']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'email provided is already in use.';
}
}
endif;
?>
I think you need to check if email is already exist or not before inserting new record to database Just modify your if condition some think like
<?php
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$stmt = $conn->prepare('SELECT email FROM noodles_gamification WHERE email = :email');
$stmt->execute(array(':email' => $_POST['email']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'email provided is already in use.';
} else {
$sql = "INSERT INTO noodles_gamification (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ){;
$message = 'Successfully created new user';
}
}
else {
}
endif;
?>
Right now I am trying to set up a user registration page, and I've been having trouble with verifying that the e-mail is not already in use. I figured all I had to do was make a query to my database to check and see if the e-mail was already in use. This seems pretty straight forward, so I don't know why it's giving me such a problem.
I've read several posts, and tried several approaches with PDO and mysqli, but I have still yet to get this script to function properly. Any help would be greatly appreciated.
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])&& !empty($_POST['firstname'])&& !empty($_POST['lastname'])&& !empty($_POST['phone'])&& !empty($_POST['address'])&& !empty($_POST['city'])&& !empty($_POST['zip'])):
//check to see if e-mail is already being used
//This method always says that the email is already in use, even if I am entering a new one.
/*
$records = $conn->prepare('SELECT * FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
if( count($results) > 0){
$message = "Sorry, that E-mail address is already registered to an account.";
}
*/
//this one never says that the email is in use.
/*
$email = $_POST['email'];
$query = mysqli_query($conn, "SELECT * FROM users WHERE email='".$email."'");
if(mysqli_num_rows($query) > 0){
$message = "Sorry, that E-mail address is already registered to an account.";
}
*/
//this was the last method I tried, and it also never says that the email is in use.
try{
$stmt2 = $conn->prepare('SELECT `email` FROM `user` WHERE email = ?');
$stmt2->bindParam(1, $_POST['email']);
$stmt2->execute();
while($row = $stmt2->fetch(PDO::FETCH_ASSOC)) {
}
}
catch(PDOException $e){
echo 'ERROR: ' . $e->getMessage();
}
if($stmt2->rowCount() > 0){
//echo "The record exists!";
$message = "Sorry, that E-mail address is already registered to an account.";
}
else{
// Enter the new user in the database
$sql = "INSERT INTO users (email, password, firstname, lastname, phone, address, city, zip) VALUES (:email, :password, :firstname, :lastname, :phone, :address, :city, :zip)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':firstname', $_POST['firstname']);
$stmt->bindParam(':lastname', $_POST['lastname']);
$stmt->bindParam(':phone', $_POST['phone']);
$stmt->bindParam(':address', $_POST['address']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':zip', $_POST['zip']);
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
}
endif;
?>
When doing COUNT(*) the server(MySQL) will only allocate memory to store the result of the count and its faster too.
this part of your code that must be corrected:
$records = $conn->prepare('SELECT count(*) FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_NUM);
echo $results[0];
I am encountering an issue with this piece of code:
if (!empty($_POST['email']) && !empty($_POST['password'])
&& $_POST['password'] == $_POST['confirm_password']
&& ( !filter_var ($_POST['email'], FILTER_VALIDATE_EMAIL) === false ) ):
//Enter the new user in the database
$sql = "INSERT INTO users (email, password) VALUE (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ):
header("Location:succRegister.php");
else : //this part of code is the problem
header("Location:failRegister.php");//
endif;
endif;
?>
I wish I knew why when the statement ($stmt) is not executed in regards to the conditions above, the link (else) doesn't work?
The first link does work.
I think I see what might be the problem. If your first if condition is not met, neither of the headers will be reached. You can move the fail location outside the outer if, so that it will go there by default. Then on the inner if, exit immediately after sending the header.
if (!empty($_POST['email']) && !empty($_POST['password'])
&& $_POST['password'] == $_POST['confirm_password']
&& ( !filter_var ($_POST['email'], FILTER_VALIDATE_EMAIL) === false ) ):
//Enter the new user in the database
$sql = "INSERT INTO users (email, password) VALUE (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ):
header("Location: succRegister.php"); // only go here on success
exit();
endif;
endif;
// always go here if you haven't already gone somewhere else
header("Location: failRegister.php");
You can achieve the same thing with
if (!empty($_POST['email']) && !empty($_POST['password'])
&& $_POST['password'] == $_POST['confirm_password']
&& ( !filter_var ($_POST['email'], FILTER_VALIDATE_EMAIL) === false ) ) :
//Enter the new user in the database
$sql = "INSERT INTO users (email, password) VALUE (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if ( $stmt->execute() ):
header("Location: succRegister.php"); // only go here on success
else:
header("Location: failRegister.php"); // $stmt->execute failed
endif;
else:
header("Location: failRegister.php"); // $_POST validation failed
endif;
But if you are redirecting to the same page on either reason for failure, this is redundant.
This is the section I use to add users.
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: ./index.php");
}
require 'conn.php';
$message = '';
if(!empty($_POST['name']) &&!empty($_POST['email']) && !empty($_POST['password'])):
// Enter the new user in the database
$sql = "INSERT INTO users (name, email, password) VALUES (:name,:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindValue(':name', $_POST['name']);
$stmt->bindValue(':email', $_POST['email']);
$stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>
I personally do it by using a query and an if statement
$query = $conn->prepare("SELECT * FROM users WHERE email = :email");
$query->bindParam(':email', $_POST['email']);
if ($query->rowcount() = 0)
{
// insert account into database
}
else {
// display error message
}
To check if the email exists or not, you have to write a query whether that email is stored in the database. If the query result is not empty, you can show a message that the email exists. If the query result is empty, you can make him a new user.
For that you have to write this query
$sql="select name from user where email='$email'";
$stmt = $conn->prepare($sql);
if ($stmt->rowcount() = 0)
{
$sql = "INSERT INTO users (name, email, password) VALUES (:name,:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindValue(':name', $_POST['name']);
$stmt->bindValue(':email', $_POST['email']);
$stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
}
else {
$msg="Email already exists";
}