I'm trying to insert values from a register form to the database but I keep getting the message 'User Registration Failed', and I don't know why.
<?php
include("home.html");
require('connect.php');
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')";
$result = mysqli_query($connection, $query);
if($result)
{
$smsg = "User Created Successfully";
}
else
{
$fmsg ="User Registration Failed";
}
}
Related
I'm trying to make a query that would check if username has been taken but it only stores the form data into the database even if the username already exists
<?php
$db= new mysqli('localhost', 'root', '', 'mytrackz');
$query= "SELECT * FROM users ";
$result2= mysqli_query($db, $query);
$user= mysqli_fetch_assoc($result2);
if (isset($_POST['regbutton']))
{
$username= $_POST['username'];
$email= $_POST['email'];
$password= $_POST['password'];
$sql= "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
$result= mysqli_query($db, $sql);
if ($user) {
if ($user == $username){
echo "Username already exists";
}elseif($result){
echo "Registeration Successful";
}else{
echo "Registeration unsuccessful";
}
}
}
?>
1:
when you do '$query= "SELECT * FROM users "' you are getting all records in your table without any filter by user.
2:
afeter check the post in 'if (isset($_POST['regbutton']))' you are inserting the value without check in database.
3: 'if ($user == $username){
echo "Username already exists";' you are checking a single value agains an array of objects from database;
To fix it:
<?php
$db= new mysqli('localhost', 'root', '', 'mytrackz');
if (isset($_POST['regbutton']))
{
$username= $_POST['username'];
$email= $_POST['email'];
$password= $_POST['password'];
$query= "SELECT * FROM users WHERE username = '$username'";
$result2= mysqli_query($db, $query);
$user= mysqli_fetch_assoc($result2);
if ($user['username'] == $username){
echo "Username already exists";
}else{
$sql= "INSERT INTO users (username, email, password) VALUES ('$username','$email', '$password')";
$result= mysqli_query($db, $sql);
}
}
<?php
session_start();
$username = "";
$email = "";
$db = mysqli_connect("localhost", "root", "", "authentication");
if (isset($_POST['register_btn'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password2 = mysqli_real_escape_string($db, $_POST['password2']);
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
header("Refresh:0");
echo "usrname exists";
}
if ($user['email'] === $email) {
header("Refresh:0");
echo "error";
}
}
if ($password == $password2) {
$password = md5($password);
$sql = "INSERT INTO users
(username, email, password, name, street,
postcode, age , center)
VALUES('$username', '$email', '$password', '$name', '$street',
'$postcode', '$age', '$center')";
mysqli_query($db, $sql);
$_SESSION['message'] = "Account registered";
$_SESSION['username'] = $username;
header("location: login.php");
}else{
$_ERROR= "Something went wrong :/";
}
}
As shown above is some PHP code, the purpose here is to register a user then redirect them to the login page, however after multiple attempts of trying to use validation to see if an email or username already exists, after clicking the register button it still just records the registered details into the database names authentication (Users). I have put 'header ("Refresh") to test if it even reads through the if statement, It does not seem to.
I know md5 is insecure, and I will replace it.
Any advice on what I may have done wrong.
I have used snippets of code from here however I have attempted a few other solutions with no luck.
I have a registration page, which is tied to this process.php code below. When I run this code, it returns "Error". Did I make a mistake somewhere?
<?php
require_once ('newmeowconnection.php');
if (isset($_POST['form_input']) && $_POST['form_input'] == 'registration') {
registerUser();
}
function registerUser() {
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)
VALUES('{$_POST['first_name']}','{$_POST['last_name']}','{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())";
$run = mysqli_query($query);
if ($run) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['user'] = $_POST['email'];
header('Location: http://localhost/homepage.php');
} else {
echo 'Error';
}
}
?>
mysqli_query need run on connection object or pass connection to it:
$run = mysqli->query($connection, $query);
or
$run = $connection->query($query);
The problem is you are using single quotes-inside single-quotes. For instance '{$_POST['first_name']}' is read as {$_POST[ being one thing first_name as a SQL variable and ]} another string.
Try the following
...
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at) VALUES('{$first_name}','{$last_name}','{$email}', '{$password}', NOW(), NOW())";
...
I create a database to save my users information. But I can only see the content of password part, and I can't see other parts content like email, username, first name etc. I put here a screenshot and my php codes thank you all.
<?php
session_start();
$db = mysqli_connect("localhost", "", "", "register_user");
if (isset($_POST["submit"])) {
session_start();
$firstname = mysql_real_escape_string($_POST["firstname"]);
$lastname = mysql_real_escape_string($_POST["lastname"]);
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
$password_2 = mysql_real_escape_string($_POST["password_2"]);
$email = mysql_real_escape_string($_POST["email"]);
$email_2 = mysql_real_escape_string($_POST["email_2"]);
if ($password == $password_2) {
$password = md5($password);
$sql = "INSERT INTO user_data(firstname, lastname, username, password, email) VALUES('$firstname', '$lastname', '$username', '$password', '$email')";
mysqli_query($db, $sql);
$_SESSION['message'] = "You logged successfully";
$_SESSION['username'] = $username;
header("location: index.html");
}else {
$_SESSION['message'] = "Passwords don't match";
}
}
?>
If you are using mysqli please use
mysqli_real_escape_string(connection,escapestring);
Hope it helps.
Plus you need not to start the session twice you can use it once
So when I want to retrieve data and check it i.e. if the email already exist echo already registered. That part works fine, however inserting the same data does not work. Are my conditionals ordered improperly?
(intentionally left out values for the dbhostname id pw variables)
$dbname = "hw2";
$link = mysqli_connect($dbhostname, $dbuserid, $dbpassword, $dbname);
$firstname = $_POST["signup-firstname"];
$lastname = $_POST["signup-lastname"];
$email = $_POST["signup-email"];
$password = $_POST["signup-password"];
$repassword = $_POST["signup-repassword"];
if ($password != $repassword){
echo "<br><h3>Passwords did not match. <br>Please try again.</h3>";
}
else {
$ret_email = "SELECT * FROM hw2 WHERE email = '$email'";
$result = mysqli_query($link, $ret_email);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0){
echo "This email is already registered.";
}
else{
$insert_query = "INSERT INTO hw2 (firstname, lastname, email, password, repassword) VALUES ('$firstname', '$lastname', '$email', '$password', '$repassword')";
echo "$insert_query";
}
}
?>
You should perform the query not only echoing it
mysqli_query($con,"INSERT INTO Persons (FirstName,LastName,Age)
if ($num_rows > 0){
echo "This email is already registered.";
}
else{
$insert_query = "INSERT INTO hw2 (firstname, lastname, email, password, repassword) VALUES ('$firstname', '$lastname', '$email', '$password', '$repassword')";
echo "$insert_query";
mysqli_query($link,$insert_query)
}