I have made a code and when I try to sign up I get a problem saying the length is not between 5-30 for the password. I was using 7 letters for a password but was getting this problem when trying to sign up on my site. I have posted parts of the code below:
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)>5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using bcrypt before sending to database
$pswd = bcrypt($pswd);
$pswd2 = bcrypt($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', $un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started . . .");
Try this:
if (strlen($pswd)>30||strlen($pswd)<5) {
// ^ You want to check if it is less than or equal to 5
p.s. You really shouldn't put a maximum limit on the password.
Related
I'm working on a forum for a school project (high school) and I have a register form. Everything works but when I submit the form I get my set error that says "An error has occurred". I'm not getting any MYSQL errors and am wondering what's wrong with my code. Please note, everything should be working but for some reason it does not submit to the database. I know the html is good so I'm only submitting the php.
register.php
<?php
//get required files
include 'inc/config.php';
//get all variables to avoid errors
$firstname = ""; //first name of user
$lastname = ""; //last name of user
$username = ""; //username of user
$email = ""; //email of user
$city = ""; //current city
$password = ""; //password
$password2 = ""; //confirm password
$date = ""; //signup date
$error_array = array(); //holds all error messages
$ip = ""; //ip address of user
$allowed_cities = array("Toronto","Ottawa","Hamilton","London","Windsor","Kingston"); //holds all cities allowed
$profilepic = ""; //profile photo
$code = ""; //email token to verify account
//Profile Photo Settings
$allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation
$max_filesize = 9999999999; // Maximum filesize in BYTES - SET IN to a low number for small files
$upload_path = 'data/profilepictures/'; // The place the files will be uploaded to (currently a 'profile pictures' directory)
if(isset($_POST['submit'])){
//First Name
$firstname = strip_tags($_POST['firstname']); //Remove html tags
$firstname = str_replace(' ', '', $firstname); //remove spaces
$firstname = ucfirst(strtolower($firstname)); //Uppercase first letter
//Last Name
$lastname = strip_tags($_POST['lastname']); //Remove html tags
$lastname = str_replace(' ', '', $lastname); //remove spaces
$lastname = ucfirst(strtolower($lastname)); //Uppercase first letter
//Username
$username = strip_tags($_POST['username']); //Remove html tags
$username = str_replace(' ', '_', $username); //remove spaces and put a underscore
//Note: preg match for username done later
//Email
$email = strip_tags($_POST['email']); //Remove html tags
$email = str_replace(' ', '', $email); //remove spaces
//City
$city = strip_tags($_POST['city']); //Remove html tags
$city = str_replace(' ', '', $city); //remove spaces
$city = ucfirst(strtolower($city)); //Uppercase first letter
//Password and Confirm Password
$password = strip_tags($_POST['password']); //Remove html tags
$password2 = strip_tags($_POST['password2']); //Remove html tags
//Profile Picture
$profilepic = $_FILES['photo']['name']; // Get the name of the file (including file extension)
$ext = substr($profilepic, strpos($profilepic,'.'), strlen($profilepic)-1); // Get the extension from the profilepic
//Email Verification
$code=substr(md5(mt_rand()),0,15); //token to verify email
//Date and IP Address
$date = date("Y-m-d"); //Current date
$ip = $_SERVER['REMOTE_ADDR']; //IP Address
//Check submissions for errors
//Check Firstname
if(strlen($firstname) > 25 || strlen($firstname) < 2) {
array_push($error_array, "Your first name must be between 2 and 25 characters<br>");
}
//Check Lastname
if(strlen($lastname) > 25 || strlen($lastname) < 2){
array_push($error_array, "Your last name must be between 2 and 25 characters<br>");
}
//Check Username
$u_check = mysqli_query($con, "SELECT username FROM users WHERE username='$username'");
$num_rows = mysqli_num_rows($u_check);
if($num_rows > 0) {
array_push($error_array, "Username is taken<br>");
}
if(strlen($username) > 30 || strlen($username) < 3){
array($error_array, "Your username must be between 3 and 30 characters<br>");
}
if(preg_match('/^[a-z0-9]{6,10}$/', $username)) {
array_push($error_array, "Your username includes invalid characters<br>");
}
//Check Email
$e_check = mysqli_query($con, "SELECT email FROM users WHERE email='$email'");
$num_rows2 = mysqli_num_rows($e_check);
if($num_rows2 > 0){
array_push($error_array, "Email already in use<br>");
}
$allowed_emails = array('student.tdsb.on.ca', 'delasalle.ca', 'ucc.on.ca');
$explodedEmail = explode('#', $email);
$domain = array_pop($explodedEmail);
if ( ! in_array($domain, $allowed_emails))
{
array_push($error_array, "Your student email is not allowed<br>");
}
//Check City
if (!in_array($city, $allowed_cities)) {
array_push($error_array, "Our service is not available in your city<br>");
}
//Check Passwords
if($password != $password2) {
array_push($error_array, "Your passwords do not match<br>");
}
if(strlen($password > 30 || strlen($password) < 5)) {
array_push($error_array, "Your password must be betwen 5 and 30 characters<br>");
}
if(preg_match('/[^A-Za-z0-9]/', $password)) {
array_push($error_array, "Your password can only contain english characters or numbers<br>");
}
//Check Profile Picture
if(!in_array($ext,$allowed_filetypes)){
array_push($error_array, "The file you attempted to upload is not allowed<br>");
}
if(filesize($_FILES['photo']['tmp_name']) > $max_filesize){
array_push($error_array, "The file you attempted to upload is too large<br>");
}
if(!is_writable($upload_path)){
array_push($error_array, "You cannot upload to the specified directory, please CHMOD it to 777<br>");
}
if(move_uploaded_file($_FILES['photo']['tmp_name'],$upload_path . $profilepic)){
}
else{
array_push ($error_array, "There was an error during the file upload. Please try again later<br>");
}
//Process Data
if(empty($error_array)) {
$password = md5($password); //Encrypt password before sending to database
$query = mysqli_query($con, "INSERT INTO users (firstname,lastname,email,username,password,signup_date,city,profilephoto,email_verified ) VALUES ('$firstname','$lastname','$email','$username','$password','$date','$profilepic','0') ");
array_push($error_array, "Your acccount has been created. Please check your inbox to verify your account<br>");
}
else{
array_push($error_array, "An error has occured. Please try again later<br>");
}
}
?>
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
Here is the PHP block i am using:
$reg = #$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}
if ($em==$em2){}
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}
if ($pswd==$pswd2){}
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
}
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
And here is the two else statements:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
When i only have:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
I don't get an error message, but when i add:
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln', '$em','$pswd','$d','0')");
}
I get this error message when i refresh:
Parse error: syntax error, unexpected 'else' (T_ELSE) in C:\xampp\htdocs\Socially\index.php on line 39
I am using a YouTube tutorial, and this is what he typed, he didn't get an error message. Here is the link: https://www.youtube.com/watch?v=EgqVNMTnmDQ&list=PLA7F9875BD031DC16&index=36
This video was done in 2013.
If someone could help me, it would be appreciated.
Your ifs are wrong the { opens the control block and the } closes it. For example with this:
if (strlen($pswd)>30||strlen($pswd)<5){}
You are doing nothing when the password is longer than 30 characters or less than 5. (also why limit passwords to 30 characters?)
You also then are echoing the message regardless of that condition:
echo "Your password be between 5 and 30 characters long!";
Additional notes:
Your control blocks should be indented.
You should NOT put user data directly into a SQL query. That is how injections occur. strip_tags does nothing to stop a SQL injection.
Try:
<?php
$reg = #$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(#$_POST['fname']);//dont use #, no need for error supression, resolve the errors.
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}//does nothing
if ($em==$em2){}//does nothing
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}//does nothing
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}//does nothing
if ($pswd==$pswd2){}//does nothing
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
} else {
if (strlen($pswd)>30||strlen($pswd)<5){
echo "Your password be between 5 and 30 characters long!";
} else {
$pswd = md5($pswd); //should upgrade hashing algorithm
$pswd2 = md5($pswd2);//not used
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");//open to SQL injections
}
}
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
so i tried to convert a little bit of MYSQL to the new PDO;
$u_check = mysql_query("SELECT username FROM users WHERE username='un'");
$check = mysql_num_rows($u_check);
if($check == 0){
echo "Do this";
}
How i did it in PDO:
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE :username = '$un'");
$check = $databaseConnection->query($u_check);
if($check == 0){
echo "do stuff"
}
But as expeced i get an error:
Warning: PDO::query() expects parameter 1 to be string, object given
in F:\xampp\htdocs\SocialMedia\first\index.php on line 27
Line 27: $check = $databaseConnection->query($u_check);
I have no idea how to get the same result in PDO
Thanks in advance for the help!
EDIT 1:
I have this now:
if($reg) {
if($em==$em2){
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE :username = '$un'");
$u_check->bind_param("s", "un");
$result = $u_check->execute();
if($result){
echo "hoi";
}
}
}
gives me:
Fatal error: Call to undefined method PDOStatement::bind_param() in
F:\xampp\htdocs\SocialMedia\first\index.php on line 26
EDIT 2: my code at the moment;
<?php include("inc/header.inc.php");?>
<?php
$reg = $_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$fn = strip_tags($_POST['fname']);
$ln = strip_tags($_POST['lname']);
$un = strip_tags($_POST['uname']);
$em = strip_tags($_POST['email']);
$em2 = strip_tags($_POST['email2']);
$pswd = strip_tags($_POST['password']);
$pswd2 = strip_tags($_POST['password2']);
$d = date("d-m-Y");
if($reg) {
if($em==$em2){
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE username= :username");
$u_check->bindParam(':username', $un);//un is the given username that user types
$u_check->execute();
$check = $u_check->rowCount();
if($check > 0){
if($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){
if($pswd==$pswd2){
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "Maximum characters is 25!";
}else{
if(strlen($pswd)>30||strlen($pswd)<5){
echo "Your pass must be between 5 and 30 characters!";
}else{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = $databaseConnection->prepare("INSERT INTO users (username, first_name, last_name, email, password, sign_up_date, activated) VALUES (:un, :fn, :ln, :em, :pswd, :d, '0')");
$query->execute();
die("<h2>Welcome to Profiles</h2>Login to your account to get started...");
}
}
}
}
}else{
echo "Already exists!";
}
}
}
?>
So, now i get the message "Already exists!" everytime,
Altho the setup itself does not work, its not putting the stuff from the form in ....
EDIT 3
I get this:
Parse error: syntax error, unexpected '}' in
F:\xampp\htdocs\SocialMedia\first\index.php on line 50 which is line
if($pswd!=$pswd2){
$errors[] .= 'Passwords are not the same';
}elseif(strlen($pswd)>30||strlen($pswd)<5){
$errors[] .='Your pass must be between 5 and 30 characters!'
}else{
$pswd_md = md5($pswd);
}
which is this line:
}else{
Your code is wrong...Try this one:
<?php include("inc/header.inc.php"); ?>
<?php
function display_errors($errors){
$display = '<ul>';
foreach ($errors as $error){
$display .= '<li>'.$error.'</li>';
}
$display .= '</ul>';
return $display;
}
$reg = $_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
if(isset($reg)) {
$errors = array();
$fn = strip_tags($_POST['fname']);
$ln = strip_tags($_POST['lname']);
$un = strip_tags($_POST['uname']);
$em = strip_tags($_POST['email']);
$em2 = strip_tags($_POST['email2']);
$pswd = strip_tags($_POST['password']);
$pswd2 = strip_tags($_POST['password2']);
$d = date("d-m-Y");
$required = array('fname','lname','uname','email','email2','password','password2');
foreach($required as $field){
if($_POST[$field] == ''){
$errors[] .= $field. ' is required';
}
}
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
$errors[] .= "Maximum characters is 25!";
}
if($pswd!=$pswd2){
$errors[] .= 'Passwords are not the same';
}elseif(strlen($pswd)>30||strlen($pswd)<5){
$errors[] .='Your pass must be between 5 and 30 characters!'
}else{
$pswd_md = md5($pswd);
}
if($em != $em2){
$errors[] .= 'Emails are not the same';
}
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE username= :username");
$u_check->bindParam(':username', $un);//un is the given username that user types
$u_check->execute();
$check = $u_check->rowCount();
if($check > 0){
$errors[] .= 'User Exists. Choose another username';
}
if(!empty($errors)){
echo display_errors($errors);
}else{
$ac = 0;
$query = $databaseConnection->prepare("INSERT INTO users (username, first_name, last_name, email, password, sign_up_date, activated) VALUES (:un, :fn, :ln, :em, :pswd, :d, :ac)");
$query->bindParam(':un',$un);
$query->bindParam(':fn',$fn);
$query->bindParam(':ln',$ln);
$query->bindParam(':em',$em);
$query->bindParam(':pswd',$pswd_md);
$query->bindParam(':d',$d);
$query->bindParam(':ac',$ac);
$query->execute();
}
if($query){
//INSERT SUCCESS
echo 'Success';
}else{
echo 'Failed;'
}
}
?>
It is because for query() you need a String, but you give an object (Look: http://php.net/manual/de/pdo.query.php)
There is an example:
<?php
function getFruit($conn) {
$sql = 'SELECT name, color, calories FROM fruit ORDER BY name';
foreach ($conn->query($sql) as $row) {
print $row['name'] . "\t";
print $row['color'] . "\t";
print $row['calories'] . "\n";
}
}
?>
If you want to use prepare have a look at: http://php.net/manual/de/pdo.prepare.php
You have to use $var->execute(array($var1, $var2));
If I see correctly you want to check if the given username exists in the database. Call ->execute() on the prepared statement and use rowCount() on the returned object to get the number of results.
Check the documentation for more info: PDO rowCount and PDO Prepare
But if you really only need the number of rows where the username is the given username (since you select username and use it in the condition also) you can simply select the number:
SELECT count(username) FROM users GROUP BY username HAVING username = $username
For some apparent reason, a portion of my PHP code is being shown in the header section of my page.
I am completely stumped as to why this is occurring. I have rechecked all the variables and have tested how to page renders on IE and Firefox, but the same problem occurs.
reg.php:
<?
$registration = #$_POST[`submitReg`];
// Getting all other info from form and assigning it to variables
$firstname = strip_tags(#$_POST[`fname`]);
$lastname = strip_tags(#$_POST[`lname`]);
$username = strip_tags(#$_POST[`username`]);
$email = strip_tags(#$_POST[`email`]);
$email2 = strip_tags(#$_POST[`email2`]);
$password = strip_tags(#$_POST[`password`]);
$password2 = strip_tags(#$_POST[`password2`]);
$DOBDay = strip_tags(#$_POST[`DOBDay`]);
$DOBMonth = strip_tags(#$_POST[`DOBMonth`]);
$DOBYear = strip_tags(#$_POST[`DOBYear`]);
$gender = strip_tags(#$_POST[`gender`]);
$sign_up_date = date("d-m-Y"); // Sign up date is not getting any data from the form
if ($registration) {
if ($email==$email2) {
// If both emails match, then check if user already exists:
$u_check = mysqli_query("SELECT username FROM users WHERE username='$username'"); // Count the amount of rows where username = $username
$e_check = mysqli_query("SELECT email FROM users WHERE email='$email'"); //Check whether Email already exists in the database
// checking the amount of rows where username is equal to $username - avoid two users with same username - same idea for email
$check = mysqli_num_rows($u_check);
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
// If no matches found then: 1. check all fields are completed correctly:
if ($firstname && $lastname && $username && $email && $email2 && $password && $password2 && $DOBDay && $DOBMonth && $DOBYear && $gender) {
// 1.2. check that passwords match:
if ($password==$password2) {
-------------------- CODE WHICH IS APPEARING IN THE HEADER ---------------------
// 1.2.1. Check fields are of valid length
if (strlen($username) > 25 || strlen($firstname) > 25 || strlen($lastname) > 25 || strlen($password) > 25) {
echo "The maximum character limit is 25.";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 6 characters
if (strlen($password)>25||strlen($password)<6) {
echo "Your password must be between 6 and 25 characters long!";
}
else
{
// if everything correct, encrypt passwords using MD5 before sending it to server.
$password = md5($password);
$password2 = md5($password2);
$query = mysqli_query("INSERT INTO users VALUES (``, `$firstname`, `$lastname`, `$username`, `$email`, `$password`, `$sign_up_date`)");
die("<h2>Welcome to Aston Unified</h2> Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
_______________________________________________________________________
?>
Any ideas as to why this behavior is occurring?
Seems php short tags <? is off and you have used that. Try to use <?php and then check.
If you need to use that then set
short_open_tag=On
in php.ini and restart your Apache server.
you should enable short tag in php.ini (add short_open_tag=On in your php.ini) or use <?php in place of <?
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 7 years ago.
I am writing a website. But i keep having a unknown error.
it says:
"Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/social business kopie/index.php on line 29"
I don't know what i have to change about my php code and i am just a beginner. Please can someone help me?
Line 29
index.php:
<?php
$reg = #$_POST['reg'];<p>
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("
Welcome to findFriends
Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
you are mixing mysql and mysqli functions. I really recommend you to use mysqli functions, as the others are deprecated