I am using x10hosting.com, I have set up a database and a user for the database, I have also coded the register user page but when I enter all the data and click submit I do not receive any error messages so I am guessing it is connecting to the database just fine but no data is being saved to the tables in the database, here is my code. Any suggestions would be helpful as I have revised my code multiple times now but still nothing has fixed it
<?php
require_once("config.php");
if (!isset($_POST['submit'])) {
?> <!-- The HTML registration form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Please fill the following form to sign up:<br /><br />
Username*: <input type="text" name="username" /><br />
Password*: <input type="password" name="password" /><br />
Password Verify*: <input type="password" name="passwordVeri" /><br />
First name: <input type="text" name="firstName" /><br />
Last name: <input type="text" name="lastName" /><br />
Email*: <input type="type" name="emailAddress" /><br />
Relationship Status*: <input type="type" select name="relationshipStatus" /><br />
<option value="Single">Single</option>
<option value="Taken">Taken</option>
</select>
Country*: <input type="type" name="country" /><br />
City*: <input type="type" name="city" /><br />
Postcode*: <input type="type" name="postCode" /><br />
Mobile number*: <input type="type" name="mobileNumber" /><br />
Gender*: <input type="type" select name="gender" /><br />
<option value="Single">Single</option>
<option value="Taken">Taken</option>
</select>
Date of Birth*: <input type="type" name="dateOfBirth" /> (Format: DD-MM-YYYY)<br />
<input type="submit" name="submit" value="Register" />
</form>
<?php
} else {
## connect mysql server
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
# protect data for insertion
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$emailAddress = mysql_real_escape_string($_POST['emailAddress']);
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$country = mysql_real_escape_string($_POST['country']);
$city = mysql_real_escape_string($_POST['city']);
$relationshipStatus = mysql_real_escape_string($_POST['relationshipStatus']);
$postCode = mysql_real_escape_string($_POST['postCode']);
$mobileNumber = mysql_real_escape_string($_POST['mobileNumber']);
$dateOfBirth = mysql_real_escape_string($_POST['dateOfBirth']);
$gender = mysql_real_escape_string($_POST['gender']);
//set every user to 0
$_POST['accountType'] = 0;
$accountType = mysql_real_escape_string($_POST['accountType']);
//check if the two passwords are identical
if($_POST['password']==$_POST['passwordVeri'])
{
}
else
{
//Otherwise, passwords are not identical
echo "<p>Passwords do not match!</p>";;
}
//We check if the password has 6 or more characters
if(strlen($_POST['password'])>=6)
{
}
else
{
//Otherwise, passwords are not identical
echo "<p>Password must be 6 or more characters!</p>";;
}
//We check if the email form is valid
if(preg_match('#^(([a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+\.?)*[a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+)#(([a-z0-9-_]+\.?)*[a-z0-9-_]+)\.[a-z]{2,}$#i',
$_POST['emailAddress']))
{
}
else
{
//Otherwise, email not valid
echo "<p>The email you entered is not valid.!</p>";;
}
# check if username and email exist else insert
$exists = 0;
$result = $mysqli->query("SELECT username from User WHERE username = '{$username}' LIMIT 1");
if ($result->num_rows == 1) {
$exists = 1;
$result = $mysqli->query("SELECT emailAddress from Member WHERE emailAddress = '{$emailAddress}' LIMIT 1");
if ($result->num_rows == 1) $exists = 2;
} else {
$result = $mysqli->query("SELECT emailAddress from Member WHERE emailAddress = '{$emailAddress}' LIMIT 1");
if ($result->num_rows == 1) $exists = 3;
}
if ($exists == 1) echo "<p>Username already exists!</p>";
else if ($exists == 2) echo "<p>Username and Email already exists!</p>";
else if ($exists == 3) echo "<p>Email already exists!</p>";
else {
# insert data into mysql database
$sql = "INSERT INTO `user` (`Userid`, `username`, `password`, `accountType`)
VALUES (NULL, '{$username}', '{$password}', '{$accountType}')";
"INSERT INTO `Member` (`firstName`, `lastName`, `gender`, `emailAddress`, `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`)
VALUES (NULL, '{$firstName}', '{$lastName}', '{$gender}', '{$emailAddress}', '{$city}', '{$country}', '{$postCode}', '{$relationshipStatus}', '{$mobileNumber}')";
if ($mysqli->query($sql)) {
//echo "New Record has id ".$mysqli->insert_id;
echo "<p>Registred successfully!</p>";
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
}
}
}
?>
Firstly, you're mixing mysql_ with mysqli_ functions.
Also, your INSERT's columns and VALUES do not match. You have 9x columns for your INSERT and 10x VALUES for your Member table (VALUES).
$sql = "INSERT INTO `user` (`Userid`, `username`, `password`, `accountType`)
VALUES (NULL, '{$username}', '{$password}', '{$accountType}')";
"INSERT INTO `Member` (`firstName`, `lastName`, `gender`, `emailAddress`, `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`)
VALUES (NULL, '{$firstName}', '{$lastName}', '{$gender}', '{$emailAddress}', '{$city}', '{$country}', '{$postCode}', '{$relationshipStatus}', '{$mobileNumber}')";
Either remove the NULL for your Member query or add the appropriate USER_ID field for it, before firstName. That alone will stop your query from executing.
To use mysqli_real_escape_string, you will need to change what you presently have, to:
# protect data for insertion
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$password = mysqli_real_escape_string($mysqli,$_POST['password']);
$emailAddress = mysqli_real_escape_string($mysqli,$_POST['emailAddress']);
$firstName = mysqli_real_escape_string($mysqli,$_POST['firstName']);
$lastName = mysqli_real_escape_string($mysqli,$_POST['lastName']);
$country = mysqli_real_escape_string($mysqli,$_POST['country']);
$city = mysqli_real_escape_string($mysqli,$_POST['city']);
$relationshipStatus = mysqli_real_escape_string($mysqli,$_POST['relationshipStatus']);
$postCode = mysqli_real_escape_string($mysqli,$_POST['postCode']);
$mobileNumber = mysqli_real_escape_string($mysqli,$_POST['mobileNumber']);
$dateOfBirth = mysqli_real_escape_string($mysqli,$_POST['dateOfBirth']);
$gender = mysqli_real_escape_string($mysqli,$_POST['gender']);
//set every user to 0
$_POST['accountType'] = 0;
$accountType = mysqli_real_escape_string($mysqli,$_POST['accountType']);
Also, you could do what you did for your first query by doing the following:
$sql2 = "INSERT INTO `Member` (`firstName`, `lastName`, `gender`, `emailAddress`, `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`)
VALUES ('{$firstName}', '{$lastName}', '{$gender}', '{$emailAddress}', '{$city}', '{$country}', '{$postCode}', '{$relationshipStatus}', '{$mobileNumber}')";
if ($mysqli->query($sql2)) {
//echo "New Record has id ".$mysqli->insert_id;
echo "<p>Member table updated successfully!</p>";
} else {
echo "<p>MySQL Member table error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
Your code has a problem with brackets:
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
...blablah your entire code...
}
Instead of:
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
...blablah your entire code...
So your code will be never executed. This is the correct version:
<?php
require_once("config.php");
if (!isset($_POST['submit'])) {
?> <!-- The HTML registration form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Please fill the following form to sign up:<br /><br />
Username*: <input type="text" name="username" /><br />
Password*: <input type="password" name="password" /><br />
Password Verify*: <input type="password" name="passwordVeri" /><br />
First name: <input type="text" name="firstName" /><br />
Last name: <input type="text" name="lastName" /><br />
Email*: <input type="type" name="emailAddress" /><br />
Relationship Status*: <input type="type" select name="relationshipStatus" /><br />
<option value="Single">Single</option>
<option value="Taken">Taken</option>
</select>
Country*: <input type="type" name="country" /><br />
City*: <input type="type" name="city" /><br />
Postcode*: <input type="type" name="postCode" /><br />
Mobile number*: <input type="type" name="mobileNumber" /><br />
Gender*: <input type="type" select name="gender" /><br />
<option value="Single">Single</option>
<option value="Taken">Taken</option>
</select>
Date of Birth*: <input type="type" name="dateOfBirth" /> (Format: DD-MM-YYYY)<br />
<input type="submit" name="submit" value="Register" />
</form>
<?php
} else {
## connect mysql server
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
# protect data for insertion
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$emailAddress = mysql_real_escape_string($_POST['emailAddress']);
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$country = mysql_real_escape_string($_POST['country']);
$city = mysql_real_escape_string($_POST['city']);
$relationshipStatus = mysql_real_escape_string($_POST['relationshipStatus']);
$postCode = mysql_real_escape_string($_POST['postCode']);
$mobileNumber = mysql_real_escape_string($_POST['mobileNumber']);
$dateOfBirth = mysql_real_escape_string($_POST['dateOfBirth']);
$gender = mysql_real_escape_string($_POST['gender']);
//set every user to 0
$_POST['accountType'] = 0;
$accountType = mysql_real_escape_string($_POST['accountType']);
//check if the two passwords are identical
if($_POST['password']==$_POST['passwordVeri'])
{
}
else
{
//Otherwise, passwords are not identical
echo "<p>Passwords do not match!</p>";;
}
//We check if the password has 6 or more characters
if(strlen($_POST['password'])>=6)
{
}
else
{
//Otherwise, passwords are not identical
echo "<p>Password must be 6 or more characters!</p>";;
}
//We check if the email form is valid
if(preg_match('#^(([a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+\.?)*[a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+)#(([a-z0-9-_]+\.?)*[a-z0-9-_]+)\.[a-z]{2,}$#i',
$_POST['emailAddress']))
{
}
else
{
//Otherwise, email not valid
echo "<p>The email you entered is not valid.!</p>";;
}
# check if username and email exist else insert
$exists = 0;
$result = $mysqli->query("SELECT username from User WHERE username = '{$username}' LIMIT 1");
if ($result->num_rows == 1) {
$exists = 1;
$result = $mysqli->query("SELECT emailAddress from Member WHERE emailAddress = '{$emailAddress}' LIMIT 1");
if ($result->num_rows == 1) $exists = 2;
} else {
$result = $mysqli->query("SELECT emailAddress from Member WHERE emailAddress = '{$emailAddress}' LIMIT 1");
if ($result->num_rows == 1) $exists = 3;
}
if ($exists == 1) echo "<p>Username already exists!</p>";
else if ($exists == 2) echo "<p>Username and Email already exists!</p>";
else if ($exists == 3) echo "<p>Email already exists!</p>";
else {
# insert data into mysql database
$sql = "INSERT INTO `user` (`Userid`, `username`, `password`, `accountType`)
VALUES (NULL, '{$username}', '{$password}', '{$accountType}')";
"INSERT INTO `Member` (`firstName`, `lastName`, `gender`, `emailAddress`, `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`)
VALUES (NULL, '{$firstName}', '{$lastName}', '{$gender}', '{$emailAddress}', '{$city}', '{$country}', '{$postCode}', '{$relationshipStatus}', '{$mobileNumber}')";
if ($mysqli->query($sql)) {
//echo "New Record has id ".$mysqli->insert_id;
echo "<p>Registred successfully!</p>";
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
}
}
Related
Im trying to create a sign up page. I followed a guide but its erroring and im presented with a blank screen when i run it. I think i may of misunderstood some code. any help would be greatly appreciated.
<?php
if (isset($_POST['register'])){
if (empty($_POST['email']) &&
(empty($_POST['username']) &&
(empty($_POST['password']) &&
(empty($_POST['re-enter']) &&
(empty($_POST['title']) &&
(empty($_POST['first name']) &&
(empty($_POST['second name']) &&
(empty($_POST['address']) &&
(empty($_POST['postcode']) &&
(empty($_POST['contactnumber'])){
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST[['password'];
$reenter=$_POST['re-enter'];
$title=$_POST['title'];
$firstname=$_POST['firstname'];
$secondname=$_POST['secondname'];
$address=$_POST['address'];
$postcode=$_POST['postcode'];
$contactnum=$_POST['contactnumber'];
if ($password == $reenter) {
$conn = mysqli_connect('127.0.0.1', 'i7266***', 'Winter****', 'i72*****');
$emailquery = "SELECT * FROM UserTable WHERE email = '$email'";
$r = mysqli_query($conn, $emailquery);
$count = mysqli_num_rows($r);
if ($count == 1) {
echo "Email already exists";
} else {
$query = "INSERT INTO UserTable VALUES ('$username', '$password', '$email', '$title', '$firstname', '$secondname', '$address', '$postcode', '$contactnum')";
$run = mysqli_query($conn, $query);
echo "Customer account has been created";
}
} else {
echo "Passwords did not match";
}
} else {
echo "please enter your details to register";
}
}else {
echo "Please enter details to register";
}
?>
<form method="POST" action="">
Email:
<input type="email" name="email"><br>
Username:
<input type="text" name="username"><br>
Password:
<input type="password" name="password"><br>
Re-enter password:
<input type="password" name="re-enter"><br>
Title:
<input type="text" name="title"><br>
First name:
<input type="text" name="firstname"><br>
Second name:
<input type="text" name="secondname"><br>
Address
<input type="text" name="address"><br>
Postcode:
<input type="text" name="postcode"><br>
Contact number
<input type="number" name="contactnumber"><br>
<br>
<input type="submit" name="register" value="Register">
You are not closing the '( )' in the second if in all the evaluations and you have one more of this '[' in $password=$_POST[['password'];
Try this:
<?php
if (isset($_POST['register'])){
if ((empty($_POST['email'])) &&
(empty($_POST['username'])) &&
(empty($_POST['password'])) &&
(empty($_POST['re-enter'])) &&
(empty($_POST['title'])) &&
(empty($_POST['first name'])) &&
(empty($_POST['second name'])) &&
(empty($_POST['address'])) &&
(empty($_POST['postcode'])) &&
(empty($_POST['contactnumber']))){
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];
$reenter=$_POST['re-enter'];
$title=$_POST['title'];
$firstname=$_POST['firstname'];
$secondname=$_POST['secondname'];
$address=$_POST['address'];
$postcode=$_POST['postcode'];
$contactnum=$_POST['contactnumber'];
if ($password == $reenter) {
$conn = mysqli_connect('127.0.0.1', 'i7266***', 'Winter****', 'i72*****');
$emailquery = "SELECT * FROM UserTable WHERE email = '$email'";
$r = mysqli_query($conn, $emailquery);
$count = mysqli_num_rows($r);
if ($count == 1) {
echo "Email already exists";
} else {
$query = "INSERT INTO UserTable VALUES ('$username', '$password', '$email', '$title', '$firstname', '$secondname', '$address', '$postcode', '$contactnum')";
$run = mysqli_query($conn, $query);
echo "Customer account has been created";
}
} else {
echo "Passwords did not match";
}
} else {
echo "please enter your details to register";
}
}else {
echo "Please enter details to register";
}
?>
<form method="POST" action="">
Email:
<input type="email" name="email"><br>
Username:
<input type="text" name="username"><br>
Password:
<input type="password" name="password"><br>
Re-enter password:
<input type="password" name="re-enter"><br>
Title:
<input type="text" name="title"><br>
First name:
<input type="text" name="firstname"><br>
Second name:
<input type="text" name="secondname"><br>
Address
<input type="text" name="address"><br>
Postcode:
<input type="text" name="postcode"><br>
Contact number
<input type="number" name="contactnumber"><br>
<br>
<input type="submit" name="register" value="Register">
Hope works for you.
The syntax are fine now but the logic is wrong, as #Niet the Dark Absol says: You are processing the form only if ALL of them ARE empty.
I have a registration form. In the database, the username and email are unique index. When the form submits and username or email are already present in the database, the values are not inserted. I want to notify the user that the values were not inserted. How can i do this?
HTML
<form action="register.php" method="post" id="reg" onsubmit='return validate();'>
Company Name:
<input type="text" class="inputs" name="name" id="name" /><br />
Email:
<input type="text" class="inputs" name="email" id="txtEmail" /><br />
User name:
<input type="text" class="inputs" name="uname" id="uname"/><br />
Password:
<input type="password" class="inputs" name="pass" id="pass1"/><br />
Conferm Password:
<input type="password" class="inputs" name="cpass" id="pass2"/><br /><br />
<input type="submit" value="Register" class="button" />
</form>
register.php:
include ("db.php");
if (isset($_POST['register'])) {
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
mysqli_query($con,"INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','')");
}
*Sweet And Short *
First check that username or email is exist or not using select query if resulting is 0 (it means not exists), Insert query will run ahead
<?php
if($_POST['register']){
$uname = $_POST['uname'];
$email = $_POST['email'];
$name= $_POST['name'];
$pass= $_POST['pass'];
$result = mysqli_query($con, 'SELECT * from TABLE_NAME where email_id = "'.$email.'" or username = "'.$uname.'" ');
if(mysqli_num_rows($result) > 0){
echo "Username or email already exists.";
}else{
$query = mysqli_query($con , 'INSERT INTO TABLE_NAME (`email_id`, `username`,`name`,`pass`) VALUES("'.$email.'", "'.$email.'", "'.$uname.'","'.$name.'", "'.$pass.'")');
if($query){
echo "data are inserted successfully.";
}else{
echo "failed to insert data.";
}
}
}
?>
The query method would return true or false, depending on if the row has been inserted or not.
Try the following Code
include ("db.php");
if (isset($_POST['register']))
{
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
$var = mysqli_query('SELECT * from company_profile where email_id = "'.$email.'" or username = "'.$uname.'" ');
$num = mysqli_num_rows($var);
if($num==0)
{
$result = INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','');
$res = mysqli_query($result);
if($res)
{
echo "Records Inserted Successfully!!";
}
else
{
echo "Records Inserted Failed!!";
}
}
else
{
echo "User with the Details Already exists!!"
}
}
I'd like to know if there are any errors/exploits in this piece of coding, and also can someone help me because I register but it doesn't insert data into the database. If there are any mistakes can you correct them please. I want it so if the username exists, redirect them to error?=1, and so on with passwords not matching. Any help is appreciated.
Register.php
<form action="register_acc.php" method="post">
<input type="text" name="username" class="input" value="" autocomplete="off" placeholder="Username" maxlength="25" /><br />
<br />
<input type="password" name="password" class="input" value="" autocomplete="off" placeholder="Password" maxlength="20" /><br />
<br />
<input type="password" name="password2" class="input" value="" autocomplete="off" placeholder="Password again" maxlength="20" /><br />
<br />
<input type="text" name="email" class="input" value="" autocomplete="off" placeholder="Email" maxlength="255" /><br />
<br />
<input type="submit" name="submit "class="submit" value="Sign up">
</form>
register_acc.php
<?php
error_reporting(1);
include 'site/inc/config.php';
if (isset($_POST['submit'])) {
session_start();
$username = $_POST['username'];
$password = md5($_POST['password']);
$pass_conf = md5($_POST['password2']);
$email = $_POST['email'];
$ip = $_SERVER['REMOTE_ADDR'];
$date= date("d-m-Y");
$q = "SELECT * FROM `users` WHERE username = '$username'";
$r = mysql_query($q);
if (empty($username)) {
header("Location: register.php?error=1");
exit;
}
if ($password != $pass_conf) {
header("Location: /site/register.php?error=2");
exit;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: /site/register.php?error=3");
exit;
}
if (mysql_num_rows($r) == 0) {
// Continue w/ registration, username is available!
$query = "INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
VALUES (0, '$username', '$password', '$email', '$ip', 1, '$date'())";
$run = mysql_query($query);
header("Location: /site/register.php?succsess=1");
}
}
else {
header("Location: register.php?error=4");
}
?>
You don't concatenate the $username variable into the query.
Try this:
"SELECT * FROM `users` WHERE username = '".$username."'"
Also your INSERT query looks a bit weird with the date() function. Try this:
$date = date("Y-m-d");
"INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
VALUES (0, '$username', '$password', '$email', '$ip', 1, '".$date."')"
EDIT: SCRIPT EXAMPLE
<?php
if(!isset($_POST['username'])||!isset($_POST['email'])||!isset($_POST['password']))//enter more values if necessary
{
header("Location: error_page.php?error=1");
}
else
{
//do whatever, eg execute query
}
?>
I am a beginner PHP coder. I want it to be if when they register for my php code, it echos "You have been registered", instead of just showing a blank page. This is my code:
<?php
require('config.php');
if(isset($_POST['submit'])){
//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Carry on.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`,
`pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1',
'$pass1')");
}else{
echo "Sorry, your passwords do not match<br><br>";
exit();
}
}else{
echo "Sorry, your emails do not match.<br><br>";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
As you can see, there is no echo for if everything works. Please help me add an echo if they're registrations gets registered!!
Just check the return of the insert query.
$result = mysql_query("INSERT ...");
if ($result) {
echo "Created!";
} else {
echo "Uh oh! Something went wrong!";
}
In your case - You could just type:
echo "Congratulations, You've been submitted";
or whatever you want to say just under the insert statement
before the last
}else{
in your code put
echo "You have signed up";
and that's it :)
I'm trying to check if the username is available and display it for the user to see when they check there account settings, which I have done.
BUT when the user tries to fill out another field I get the Your username is unavailable! which should not pop up because its the users username already. I want to know how can I fix this problem using PHP so that the users name is displayed every time the user views their account settings and it wont cause problems when a user submits additional info?
Here is the PHP code.
if (isset($_POST['submitted'])) {
require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8');
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('HTML.TidyLevel', 'heavy');
$config->set('HTML.SafeObject', true);
$config->set('HTML.SafeEmbed', true);
$purifier = new HTMLPurifier($config);
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"SELECT users.*
FROM users
WHERE user_id=3");
$first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name']))));
$username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));
if($_POST['username']) {
$u = "SELECT user_id
FROM users
WHERE username = '$username'";
$r = mysqli_query ($mysqli, $u) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($mysqli));
if (mysqli_num_rows($r) == TRUE) {
$username = NULL;
echo '<p class="error">Your username is unavailable!</p>';
} else if(mysqli_num_rows($r) == 0) {
$username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));
if ($_POST['password1'] == $_POST['password2']) {
$sha512 = hash('sha512', $_POST['password1']);
$password = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($sha512)));
} else {
$password = NULL;
}
if($password == NULL) {
echo '<p class="error">Your password did not match the confirmed password!</p>';
} else {
if (mysqli_num_rows($dbc) == 0) {
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, username, password)
VALUES ('$user_id', '$first_name', '$username', '$password')");
}
if ($dbc == TRUE) {
$dbc = mysqli_query($mysqli,"UPDATE users
SET first_name = '$first_name', username = '$username', password = '$password'
WHERE user_id = '$user_id'");
echo '<p class="changes-saved">Your changes have been saved!</p>';
}
if (!$dbc) {
print mysqli_error($mysqli);
return;
}
}
}
}
}
Here is the html form.
<form method="post" action="index.php">
<fieldset>
<ul>
<li><label for="first_name">First Name: </label><input type="text" name="first_name" id="first_name" size="25" class="input-size" value="<?php if (isset($_POST['first_name'])) { echo stripslashes(htmlentities(strip_tags($_POST['first_name']))); } else if(!empty($first_name)) { echo stripslashes(htmlentities(strip_tags($first_name))); } ?>" /></li>
<li><label for="username">UserName: </label><input type="text" name="username" id="username" size="25" class="input-size" value="<?php if (isset($_POST['username'])) { echo stripslashes(htmlentities(strip_tags($_POST['username']))); } else if(!empty($username)) { echo stripslashes(htmlentities(strip_tags($username))); } ?>" /><br /><span>(ex: CSSKing, butterball)</span></li>
<li><label for="password1">Password: </label><input type="password" name="password1" id="password1" size="25" class="input-size" value="<?php if (isset($_POST['password1'])) { echo stripslashes(htmlentities(strip_tags($_POST['password1']))); } ?>" /></li>
<li><label for="password2">Confirm Password: </label><input type="password" name="password2" id="password2" size="25" class="input-size" value="<?php if (isset($_POST['password2'])) { echo stripslashes(htmlentities(strip_tags($_POST['password2']))); } ?>" /></li>
<li><input type="submit" name="submit" value="Save Changes" class="save-button" />
<input type="hidden" name="submitted" value="true" />
<input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
</ul>
</fieldset>
</form>
When you're checking for the submitted form on these lines:
if($_POST['username']) {
$u = "SELECT user_id
FROM users
WHERE username = '$username'";
You should put the user's id to prevent getting locked into the same record:
$u = "SELECT user_id
FROM users
WHERE username = '$username'
AND user_id <> 3";
That's because the checking needs to be done on ALL other user's username field, EXCLUDING the current user :)
Hope this helps!