I'm working on a registration form for my website.
One of the fields on my registration form is a drop down box that is populated by a table on my MySQL database.
I originally wrote the registration script a different way but I needed to change how the form worked to accommodate the new drop down box and the way it gathered its data.
Before the changes the form was successfully submitted, but now it just gives me a white screen.
I have checked the mysqli_connect.php with an if-else statement. It showed that it was working but no registrations were being sent to the MySQL server when the submit button was pressed. Also, the drop down box was not showing any of the content from the MySQL table that it was linked to.
Below is a copy of the script that I am using:
<?php
#ini_set('display_errors', 'on');
echo "<h1>Register</h1>";
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$errors = array();
if (empty($_POST['firstname'])){
$errors[] = 'Your forgot to enter your first name.';
}else{
$firstname = trim($_POST['firstname']);
}
if (empty($_POST['lastname'])){
$errors[] = 'Your forgot to enter your last name.';
}else{
$lastname = trim($_POST['lastname']);
}
if (empty($_POST['username'])){
$errors[] = 'Your forgot to enter your username.';
}else{
$username = trim($_POST['username']);
}
if (!empty($_POST['password1'])) {
if ($_POST['password1'] != $_POST ['password2']) {
$errors[] = 'Your password did not match the confirmed password!';
}else{
$password = trim($_POST['password1']);
}
} else {
$errors[] = 'You forgot to enter your password!';
}
if (empty($_POST['birthdate'])){
$errors[] = 'Your forgot to enter your birthdate.';
}else{
$birthdate = trim($_POST['birthdate']);
}
if (empty($_POST['gamespyid'])){
$errors[] = 'Your forgot to enter your gamespy id.';
}else{
$gamespyid = trim($_POST['gamespyid']);
}
if (empty($errors)) {
require ('mysqli_connect.php');
$q="INSERT INTO Users (firstname, lastname, username, password1, birthdate, gamespyid, base) VALUES ('$firstname', '$lastname', '$username', SHA1('$password1'), '$birthdate', '$gamespyid', '$base')";
$r = #mysql_query($dbc, $q);
if ($r){
echo'<p>You are now registered</p>';
}else{
echo'<p>You have not been registered</p>';
}
} else {
echo 'Error<br> <p>The following errors have occured:<br/>';
foreach ($error as $msg) {
echo " - $msg<br/>\n";
}
echo '</p><p>Please try again.</p><p><br/></p>';
} //if no errors
} //submit
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title></title>
</head>
<body>
<form action="../pages/register.inc.php" method='POST'>
<table summary="REgform">
<tr>
<td>First Name:</td>
<td><input type='text' name='firstname' value='<?php echo $firstname; ?>'></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='lastname'value='<?php echo $lastname; ?>'></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username'value='<?php echo $username; ?>'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password1'></td>
</tr>
<tr>
<td>Repeat Password:</td>
<td><input type='password' name='password2'></td>
</tr>
<tr>
<td>Birthdate:</td>
<td><input type='text ' name='birthdate'value='<?php echo $birthdate; ?>'></td>
</tr>
<tr>
<td>Gamespy Id:</td>
<td><input type='text' name='gamespyid'value='<?php echo $gamespyid; ?>'></td>
</tr>
<tr>
<td>Base:</td>
<td><select name="base" size="1">
<option>
Select One
</option>
<?php require('http://www.virtual-aviation.org/gatewayaviation/admin/mysqli_connect.php');
$q = "SELECT id, CONCAT_WS(' ', airport_name, airport_code) FROM airports ORDER BY airport_code ASC";
$r = mysqli_query ($dbc, $q);
if (mysqli_num_rows($r) > 0) {
while ($row = mysql_fetch_array ($r, MYSQL_NUM)) {
echo "<option value=\"$row[0]\"";
if (isset($_POST['existing']) && ($_POST['existing'] == $row[0]) ) echo 'selected="selected"'; echo ">$row[1]</option>\n";
}
} else {
echo '<option>Please a new airport first.</optioon>';
}
mysqli_close($dbc);
?>
</select></td>
</tr>
</table>
<p><input type='submit' name='submit' value='Register'></p>
</form>
</body>
</html>
Errors found in the dropdown box area
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /home5/virtua15/public_html/gatewayaviation/pages/register.inc.php on line 178
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /home5/virtua15/public_html/gatewayaviation/pages/register.inc.php on line 180
Please a new airport first.
You can't require from 'http'. You need to change
require('http://www.virtual-aviation.org/gatewayaviation/admin/mysqli_connect.php');
to some local path like
require('mysqli_connect.php');
IMHO First check your mysql query by echoing it and then run the query through editor.
Second, although you have set display_errors but still you might not able to view the errors.
Related
This question already has answers here:
What does enctype='multipart/form-data' mean?
(9 answers)
Closed 6 years ago.
I have a simple registration form, in which I accept inputs from the user that includes an image, and insert the values in a table : temporary_employees table . In my code, I check whether the email id and the user id entered by the user already exists and if they dont , i go ahead and perform the insert after moving the image to a folder named 'images' . While running the code , I am getting an error Undefined index: image, on the line where I have the following piece of code :
$target_file = $target_path . basename ($_FILES['image']['name']);
The most interesting thing is the same line of code has worked perfectly well in another php file . I had given the same name for the input in the html form . . How is it possible ? Any help will be appreciated .
Here is my code :
//start the session before anything is echoed to the browser
if (session_status()===PHP_SESSION_NONE) {
session_start();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
Login form
</title>
</head>
<body>
<h3>Registration Form</h3>
<form action ="" method="POST">
<table align="center" cellpadding="10">
<tr>
<td>Name</td>
<td><input type="text" maxlength='100' name="empname" id="empname" required></td>
</tr>
<tr>
<td>Email Id</td>
<td><input type="text" maxlength='100' name="emailid" id="emailid" required>
</td>
</tr>
<tr>
<td>User Id</td>
<td><input type="text" maxlength='100' name="userid" id="userid" required ></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" maxlength='100' name="pwd" id="pwd" required ></td>
</tr>
<tr>
<td>Date of Birth</td>
<td>
<select name='year'>
<option value='2015'>2015</option>
<option value='2016'>2016</option>
</select>
<select name='month'>
<option value='01'>January</option>
<option value='02'>February</option>
<option value='03'>March</option>
<option value='04'>April</option>
<option value='05'>May</option>
</select>
<select name='day'>
<option value='01'>1</option>
<option value='02'>2</option>
<option value='03'>3</option>
<option value='04'>4</option>
<option value='05'>5</option>
</select></td>
</tr>
<tr>
<td>Designation</td>
<td><input type="text" maxlength='100' name="designation" id="designation" required></td>
</tr>
<tr>
<td>Department</td>
<td><input type="text" maxlength='100' name="department" id="department" required></td>
</tr>
<tr>
<td>Image</td>
<td><input type="file" maxlength='100' name="image" required></td>
</tr>
<tr>
<td>
<input type="submit" name="login" value="Register Yourself">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
//create a connection
$conn = mysqli_connect('localhost', 'root', '', 'attendance');
//on the click of submit button
if (isset($_POST['login'])) {
//capture the $_POST values
$name = $_POST['empname'];
$name = trim($name);
$email = $_POST['emailid'];
$email = trim($email);
$userid = $_POST['userid'];
$userid = trim($userid);
$pwd = $_POST['pwd'];
$pwd = trim($pwd);
$desg = $_POST['designation'];
$desg = trim($desg);
$dept = $_POST['department'];
$dept = trim($dept);
$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];
$date = $year.$month.$day;
//display a message if there is a blank entry for email
if ($email=="") {
echo "Please enter a valid email id";
}
//display a message if there is a blank entry for userid
if ($userid=="") {
echo "Please enter a valid User Id";
}
//check if the email id exists
$sql_check_email = "select * from employee where emp_email='$email';";
mysqli_query($conn, $sql_check_email);
$aff_email = mysqli_affected_rows($conn);
// if email id exists ..display message
if ($aff_email==1) {
$msgemail = "The email id exists";
echo $msgemail;
//display error message if there is an error
} else if ($aff_email>1) {
$msgemail = "There are multiple employees with the same email";
echo $msgemail;
//display message if there is an error firing the query
} else if ($aff_email<0) {
echo "There is an error ..Try again";
}
//check if the user id exists
$sql_check_userid = "select * from employee_login where emp_uid='$userid';";
mysqli_query($conn, $sql_check_userid);
$aff_userid = mysqli_affected_rows($conn);
if ($aff_userid==1) {
$umsg = "User id already exist";
echo $umsg;
//display error message if there is an error when the query is fired
} else if ($aff_userid<0) {
echo "There is an error ..Try again";
}
//if neither the user id nor the email id exist, upload image and do the insert
if ($aff_userid==0 && $aff_email==0) {
$target_path = "images/";
$target_file = $target_path . basename ($_FILES['image']['name']);
//if the image is moved to the images folder , do the insert
if (move_uploaded_file($_FILES['image']['tmp_name'], $target_file)) {
$image = basename($_FILES['image']['name']);
$sql_ins = "INSERT INTO temporary_employee(emp_uid,emp_pwd,
emp_name,emp_email,emp_dob,emp_designation,
emp_department,emp_image)
VALUES('$userid','$pwd','$name','$email','$date',
'$desg','$dept','$image')";
mysqli_query($conn, $sql_ins);
$aff_insert = mysqli_affected_rows($conn);
//display success message if insert is successfull
if ($aff_insert==1) {
echo "You have successfully registered ...awaiting approval by admin";
//display message if there were no insert
} else if ($aff_insert==0) {
echo "The registration has failed ..Try again";
//diplay error message if there was an error while firing the insert query
} else if ($aff_insert<0) {
echo "There was an error ..Try again";
}
}
}
}
?>
While using Image Uploading in the form you have to use the enctype in the form attribute.
<form action ="" method="POST" enctype="multipart/form-data">
</form>
Change
<form action ="" method="POST">
to
<form enctype="multipart/form-data">
And try again.
The enctype attribute specifies how the form-data should be encoded when submitting it to the server.
I am making a registration form and i trying to output the form on the same page as the php code it is not working i am using echo but nothing get this displayed. All code looks ok but nothing. Any help appreciated.
<?php include("../includes/header.php");
// Begin Create new user function
// Variables that data come from the submission form
$username = $_POST["user"]; // Username that will be MD5'ed
$usernamereal = $_POST["user"]; // Username
$password = $_POST["pass"]; // Password that will be MD5'ed
$name = $_POST["name"]; // Name
$address = $_POST["address"]; // Address
$suburb = $_POST["suburb"]; // Suburb
$state = $_POST["state"]; // State
$postcode = $_POST["postcode"]; // Postcode
$phone1 = $_POST["phone1"]; // Phone Number 1
$phone2 = $_POST["phone2"]; // Phone Number 2
$emailaddress = $_POST["email"]; // Email Address
// Get IP Address of user
$ipaddress = $_SERVER["REMOTE_ADDR"];
/* Check if all the sections are completed as a whole, then if one isn't
filled out display the error message for that/those particular variables. */
if ((!$username) || (!$password) || (!$name) || (!$address) || (!$suburb) || (!$state) || (!$postcode) || (!$phone1) || (!$phone2) || (!$emailaddress)) {
echo "You didn't submit the following required information:<br><br>";
if(!$username) {
echo "Please enter a username<br>";
}
if (!$password) {
echo "Please enter a password<br>";
}
if (!$name) {
echo "Please enter a name<br>";
}
if (!$address) {
echo "Please enter a address<br>";
}
if (!$suburb) {
echo "Please enter a suburb<br>";
}
if (!$state) {
echo "Please enter a state<br>";
}
if (!$postcode) {
echo "Please enter a postcode<br>";
}
if (!$phone1) {
echo "Please enter a phone number for phone number 1<br>";
}
if (!$phone2) {
echo "Please enter a phone number for phone number 2<br>";
}
if (!$emailaddress) {
echo "Please enter a email address<br>";
}
exit(); // If there are errors then we quit this script
}
// Check if postcode is a numeric
if ((!is_numeric($postcode))) {
echo "Please enter a postcode";
exit();
}
// Check if phone number 1 is a numeric
if ((!is_numeric($phone1))) {
echo "Please enter a phone number for phone number 1";
exit();
}
// Check if phone number 2 is a numeric
if ((!is_numeric($phone2))) {
echo "Please enter a phone number for phone number 2";
exit();
}
// Use Connect Script
include("connect.php");
// Get date from MySQL Server
$currentdatetime = mysql_query('select now()');
$curdatetime = mysql_result($currentdatetime,0);
/* Check if username exists. If not then add all data to the database.
If so then ask user for another name to try. */
// MD5 Username and Password
$username = MD5($username);
$password = MD5($password);
// Check if the username exists
$usernameinuse = mysql_query("SELECT * FROM userdata WHERE userid = '$username'");
$isusernameinuse = mysql_num_rows($usernameinuse);
// If username exists then print error message and exit script
if ($isusernameinuse == 1) {
echo "The username you selected is already been used by another member.<BR>Go back and select a new username";
exit;
}
else {
// Find out how many users there are so that you can determine the next user number
$usercount = mysql_query("SELECT * FROM userdata");
$noofusers = mysql_num_rows($usercount);
// New user number = User number + 1
$usernumber = $noofusers + 1;
// Insert the new user to the database since everything is fine
mysql_query("INSERT INTO userdata VALUES ('$username','$password','$name','$address','$suburb','$state','$postcode','$phone1','$phone2','$emailaddress','$curdatetime','$ipaddress','$usernumber','$usernamereal')");
// Print Successful Creation of user message
echo "User " . $usernamereal . " has been created successfully.<BR>Click login at the top to login.";
}
echo "
<div class='main-content-wrap'>
<div class='main-content'>
<h1>CREATE YOUR ACCOUNT:</h1>
<div id='main'>
<div id='regbox'>
<form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>
<table border='0' width='100%' id='table1' height='321'>
<tr>
<td width='115'><font face='Tahoma'>Email</font></td>
<td> <input type='text' name='email' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>Password</font></td>
<td> <input type='password' name='pass' maxlength='15' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>First Name</font></td>
<td> <input type='text' name='fname' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>Last Name</font></td>
<td> <input type='text' name='lname' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>Phone</font></td>
<td> <input type='text' name='phone' maxlength='10'/></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>Username:</font></td>
<td> <input type='text' name='username' maxlength='15'/></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>ZNZ Single ID</font></td>
<td> <input type='text' name='znzasid' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>ZNZ Double ID</font></td>
<td> <input type='text' name='znzdid' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>Empower Network ID</font></td>
<td> <input type='text' name='enid' /></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>ZNZADTEAM LINK</font></td>
<td> <input type='text' name='znztl' maxlength='5'/></td>
</tr>
<tr>
<td width='115'><font face='Tahoma'>Verification</font></td>
<td> <input type='text' name='captcha'/></td>
</tr>
<tr>
<td width='115' height='44'> </td>
<td height='44'> <input type='submit' value='Create User'>
<input type='reset' value='Reset'></td>
</tr>
</table>
</form>
</div>
</div>
</div>
";
include("../includes/footer.php"); ?>
Your divs are unmatched. You have 4 opening divs and only 3 closing divs.
I have a form in my website, but I can't fix one problem. When I write some text in the form box, it sends the data to the database. When I hit refresh, the page sends the same data again, to the database. What is the problem with my code?
<?php
if(isset($_POST['submit']))
{
$err = array();
$diss = $_POST['type'];
$sub = $_POST['sub'];
$msg = $_POST['msg'];
$uname = $_SESSION['uname'];
$date = "On " . date("F Y h:i:s A");
if (!isset($_SESSION['uname']))
$err[] = "You need to login";
else
{
if(empty($sub) && empty($msg))
$err[] = "All field required";
else
{
if(empty($sub))
$err[] = "Subject Requried";
if(empty($msg))
$err[] = "Message Requried";
}
}
if(!empty($err))
{
foreach($err as $er)
{
echo "<font color=red><b>$er</b></font>";
}
}
else
{
$sql= mysql_query("INSERT INTO discussion VALUES ('', '$diss', '$sub', '$msg', '$uname', '$date' ) ");
if(!$sql)
echo "Can't submit your discussion";
else
{
echo "Discussion was submitted";
}
}
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"
name="discussion">
<table width="240" border="0" cellspacing="0" cellpadding="0">
<tr>
<td style="width:230;"><b>Select your Discussion</b>
<select name="type">
<?php
$sqld = mysql_query("SELECT * FROM distype");
while($row = mysql_fetch_assoc($sqld))
{
$d_id = $row['d_id'];
$diss = $row['type'];
echo "<option value='$diss'>$diss</option>";
}
?>
</select></td>
</tr>
<tr>
<td><b>Subject</b></td>
</tr>
<tr>
<td><input type="text" name="sub" value="" size="33" class=""/></td>
</tr>
<tr>
<td><b>Message</b></td>
</tr>
<tr>
<td><textarea cols="30" rows="3" name="msg" class=""></textarea></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit Form"><br>
<td></td>
</tr>
</table>
On successful form submit you need to reload the url or redirect him somewhere to prevent user from inserting data to the database.
$sql= mysql_query("INSERT INTO discussion VALUES ('', '$diss', '$sub', '$msg', '$uname', '$date' ) ");
if(!$sql)
echo "Can't submit your discussion";
else
{
header("Location: page.php?mode=success");
//or
header("Location: ".$_SERVER['REQUEST_URI']); //which will just reload the page
}
The problem is, that your code will execute the same way when sent the same data. You need to protect against double inserts by one of many contructs:
Unique key on the table
Store hash of last post in session, refuse post if it has the same hash as stored
redirect user to different page on succes, so that a refresh will not cause the same POST
Hey I need to get the gender selected from a select tag
and then store that value as a variable in php, here's some relevant snippets of both
the register.php form and the register_process.php file
register.php
<form action="register_process.php" method="post">
<table>
<tr>
<td>Username (to be used for login and display name)</td>
<td><input type="text" name="username" id="username" onclick="check()"/></td>
<td id="username_check"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" id="password" onclick="check()"/></td>
<td id="password_check"></td>
</tr>
<tr>
<td>Password (Re-Enter)</td>
<td><input type="password" name="repassword" id="repassword" onclick="check()"/></td>
<td id="repassword_check"></td>
</tr>
<tr>
<td>Email Address</td>
<td><input type="text" name="email" id="email" onclick="check()"/></td>
<td id="email_check"></td>
</tr>
<tr>
<td>Email Address (Re-Enter)</td>
<td><input type="text" name="reemail" id="reemail" onclick="check()"/></td>
<td id="reemail_check"></td>
</tr>
<tr>
<td>Gender</td>
<td>
<select name="gender">
<option value="1">Male</option>
<option value="2">Female</option>
</select>
</td>
<td></td>
</tr>
<tr>
<td>I agree to the terms and conditions</td>
<td><input type="checkbox" name="tos" id="tos" /></td>
<td id="tos_check"></td>
</tr>
<tr>
<td id="valid" colspan="3"></td>
</tr>
<tr>
<td colspan="3"><input type="submit" value="Register" /></td>
</tr>
<tr>
<td colspan="3">Cancel</td>
</tr>
</table>
</form>
there is a ton of javascript I have omitted from this that does very basic validation
register_process.php
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
?>
<?php
$connection = mysql_connect(HOST, USERNAME, PASSWORD);
if(!$connection)
{
die("Database connection failed: " . mysql_error());
}
$db_select = mysql_select_db(DATABASE, $connection);
if(!$db_select)
{
die("Database selection failed: " . mysql_error());
}
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$repassword = mysql_real_escape_string($_POST['repassword']);
$email = mysql_real_escape_string($_POST['email']);
$reemail = mysql_real_escape_string($_POST['reemail']);
$gender = $_POST['gender'];
$tos = mysql_real_escape_string($_POST['tos']); // not being checked yet
$errors = 0;
$success = 0;
// USERNAME CHECK
if (preg_match('/^[a-z\d_]{5,20}$/i', $username))
{
$user_query = "SELECT * FROM users WHERE user_name = '$username' OR login_name = '$username' LIMIT 1";
$result=mysql_query($user_query);
$count=mysql_num_rows($result);
if($count==0)
{
echo "username is available <br/>";
$success++;
echo "<br/>1 Passed<br/>";
}
else
{
echo "sorry, that username already exist";
$errors++;
echo "<br/>1 Passed<br/>";
}
}
else
{
echo "You either need to enter a username, or you have entered a username in an incorrect format.";
$errors++;
echo "<br/>1 Passed<br/>";
}
// PASSWORD CHECK
if(preg_match('/^[a-z\d_]{5,20}$/i', $password))
{
// password is between 5-10 characters, alpha-numeric (a-z, A-Z, 0-9) and underscores
if($password === $repassword)
{
// password is identical
$success++;
echo "<br/>2 Passed<br/>";
}
else
{
// passwords do not match
$errors++;
echo "<br/>2 Passed<br/>";
}
}
else
{
echo "Password failed validation";
$errors++;
}
// EMAIL CHECK
if (eregi('^[a-zA-Z0-9._-]+#[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$',$email))
{
// user#email.com passes
// 1#1.com passes
// -#_.com passes
//
echo "<br/> email is ok";
if($email === $reemail)
{
// email addresses match
$success++;
echo "<br/>3 Passed<br/>";
}
else
{
// email address does not match
echo "<br/>3 Passed<br/>";
$errors++;
}
}
else
{
echo "email validation failed <br/>";
$errors++;
echo $email;
}
// Here is the problem, I can't seem to evaluate the correct value,
// When I echo out $gender I get nothing, So theres either an issue
// in the html form OR in the way I use $gender = $_POST['gender'];
if($gender == 1 || $gender == "1" || $gender == '1')
{
echo "male selected";
}
else
{
echo "female selected";
}
?>
what am I missing here guys?,
I have been hunting around
google to find an answer with no success.
heres the error php is giving me:
"Notice: Undefined index: gender in register_process.php on line 22"
Everything else in the form IS working fine, there are no other issues
Your mistake is this:
/>
Don't close your form tag way up there - you need to close it after the select.
BTW xhtml is dead, don't use it (it has been superseded by html5). Use plain HTML and don't close tags that don't need it.
Because of error in your HTML syntax.
Change:
<form action="register_process.php" method="post" />
To:
<form action="register_process.php" method="post">
Here is the code.
I really dont why it is not submitting my information.
<?php
//Includes mass includes containing all the files needed to execute the full script
//Also shows homepage elements without customs
include ("includes/mass.php");
//Grabbing data form POST array and storing in variables plus the date
$username = ($_POST['username']);
$password = ($_POST['password']);
$conpassword= ($_POST['password2']);
$firstname = ($_POST['firstname']);
$lastname = ($_POST['lastname']);
$email = ($_POST['email']);
$submit = ($_POST['submit']);
$date = date("Y-m-d");
//Reigstration Form
$register = "<div id='registration'>
<h2>Register Here!</h2>
<form action='register.php' method='post'>
<table>
<tr>
<td>
Username
</td>
<td>
<input type='text' name='username' value='$username' >
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type='password' name ='password'>
</td>
</tr>
<tr>
<td>
Confirm Password
</td>
<td>
<input type='password' name ='password2'>
</td>
</tr>
<tr>
<td>
Firstname
</td>
<td>
<input type='text' name='firstname' value='$firstname'>
</td>
</tr>
<tr>
<td>
Lastname
</td>
<td>
<input type='text' name='lastname' value='$lastname' >
</td>
</tr>
<tr>
<td>
Email
</td>
<td>
<input type='text' name='email' value= '$email' >
</td>
</tr>
<tr>
<td>
<input type='submit' class='button' name='submit' value='Sign Up'>
</td>
</tr>
</table>
</form>
</div>";
echo $register;
//Check to make sure user has submitted the correct details
echo "<div id='regform'>";
if (isset($submit))
{
//Querying the database for if the username already exists
$sql = "SELECT * FROM user WHERE username = '$username'";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if (strlen($username)<2)
{
echo ("<br>You must enter a longer username</br>");
exit;
}
elseif (strlen($username) > 25)
{
echo ("You must enter a shorter username<br>");
exit;
}
if ($username==$dbusername)
{
echo ("That username already exists!");
exit;
}
elseif (strlen($password)<6)
{
echo ("<br>'Password must be be between 6 & 26 characters'<br>");
exit;
}
if ($password != $conpassword)
{
echo ("<br>Your passwords dont match<br>");
exit;
}
elseif (strlen($firstname)<=0)
{
echo ("<br>You must enter your firstname<br>");
exit;
}
if (strlen($lastname)<=0)
{
echo ("<br>You must enter your lastname<br>");
exit;
}
elseif (!preg_match('/#/',$email) || (strlen($email)<=6) )
{
echo ("</br>You must enter a proper email address!");
exit;
}
if (!isset($password))
{
echo "You must enter a password!";
exit;
}
elseif (!isset($conpassword))
{
echo ("You must confirm your password");
exit;
}
else
{
//Encrypt the password
$password = md5($password);
$conpassword = md5($conpassword);
//Start Session
session_start();
//push this information to the database
//Submit data to database plus store exec into variable.
$sqlsubmit ="INSERT INTO user VALUES ('','$firstname','$lastname','$username','$password','$email','$date',)";
mysql_query($sqlsubmit);
//echo success.
echo "successfully submitted to the database"."<br>"."<a href='user.php'>Click Here To Go To Your Accont</a>";
exit;
}
}
elseif(!isset($submit))
{
echo "</br>"."Enter your info here!!!!! :))";
}
echo "</div>";
?>
It has been state by Pekka as well as in a comment... but since this is very important, I'll repeat it in a separate (community wiki) answer:
This code is vulnerable to SQL-injection attacks of the worst kind.
Your code is absolutely insecure. It should not be used, no excuses possible. Go read about SQL-Injection and input sanitisation before you proceed any further.
http://xkcd.com/327/
Update: As Quassnoi so subtly points out, you urgently need to secure your input. See the chapter SQL Injection in the PHP manual.
The query fails because you have an extra comma at the end of the line:
$sqlsubmit ="INSERT INTO user VALUES
('','$firstname','$lastname','$username','$password','$email','$date',)";
Use echo mysql_error(); to find out such errors.
Also, the success message gets output, regardless whether the query fails or not.
You want to add a condition:
if (mysql_query($sqlsubmit))
echo "successfully submitted ...";
else
echo "error submitting ..... ".mysql_error();