
I am building a social network and trying to implement PDO instead of mysql. I haven't finished implementing all of the PDO because I can't find a way to make a working version of PDO for inserting my table values. I have no clue why it is resulting in this, but here is the code. As the title says, with the PDO code I have provided, I fill in all of the fields, click sign up, and it displays "Please fill in all fields" at the top of the header. If more code is needed (for other .php pages), please comment, as I do not know what all is needed. I picked the ones that I knew went together.

original working mysql code to insert user's input into the database

("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
    die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");

Index.php

<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day

if ($reg) {
if ($em==$em2) {
// Check if user already exists
$statement = $db->prepare('SELECT username FROM users WHERE username= :username');
//query succeeded
if ($statement->execute(array(':username' => $un))) {
    //user exists
    if ($statement->rowCount() > 0){
        //check all of the fields have been filled in
        if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
            // check that passwords match
            if ($pswd==$pswd2) {
                // check the maximum length of username/first name/last name does not exceed 25 characters
                if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
                    echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
    // check the length of the password is between 5 and 30 characters long
    if (strlen($pswd)>30||strlen($pswd)<5) {
        echo "Your password must be between 5 and 30 characters long!";
    }
    else
    {
        //encrypt password and password 2 using md5 before sending to database
        $pswd = md5($pswd);
        $pswd2 = md5($pswd2);
                    //prepare the SQL statement
                        $db_connect = $db->prepare
                        ("INSERT INTO users(
                            fname,
                            lname,
                            username,
                            email,
                            password,
                            d,
                            0
                        )
                        Value (
                            :fn,
                            :ln,
                            :un,
                            :em,
                            :pswd,
                            :d,
                            0
                        )"
                        );

                            //bind the parameters
                            $db_connect->bindParam(':fn', $fn);
                            $db_connect->bindParam(':ln', $ln);
                            $db_connect->bindParam(':un', $un);
                            $db_connect->bindParam(':em', $em);
                            $db_connect->bindParam(':pswd', $pwsd);
                            $db_connect->bindParam(':d', $d);

                    //execute the prepared statement
                        $db_connect->execute();
    }
        die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
    }
}
            }
            else {
                echo "Your passwords don't match!";
            }
        }
        else 
        {
            echo "Please fill in all fields";
        }
    }
    else
    {
        echo "Username already taken.";
    }
}
else {
    echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
    $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
    $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
    $password_login=md5($password_login);
    $sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
    //Check for their existence
    $userCount = mysql_num_rows($sql); //Count the number of rows returned
    if ($userCount == 1) {
        while($row = mysql_fetch_array($sql)){
            $id = $row["id"];
    }
         $_SESSION["id"] = $id;
         $_SESSION["user_login"] = $user_login;
         $_Session["password_login"] = $password_login;
         exit("<meta http-equiv=\"refresh\" content=\"0\">");
         } else {
         echo 'That information is incorrect, try again';
         exit();
    }
}
?>
<div style="float: left;">
<table class="homepageTable">
        <tr>
            <td width="60%" valign="top">
             <h2>Already a member? Login below.</h2>
             <form action="index.php" method="post" name="form1" id="form1">
                <input type="text" size="25" name="user_login" id="user_login" placeholder="username" title="username"/>
                <br />
                <input type="password" size="25" name="password_login" id="password_login" placeholder="password" title="Password"/>
                <br />
                <input type="submit" name="button" id="button" value="Login to your account!">
             </form>
            </td>
            <td width="40%" valign="top">
             <h2>Sign up below...</h2>
            <form action="#" method="post">
            <input type="text" size="25" name="fname" placeholder="First Name" title="First Name" value="<? echo $fn; ?>">
            <input type="text" size="25" name="lname" placeholder="Last Name" title="Last Name" value="<? echo $ln; ?>">
            <input type="text" size="25" name="username" placeholder="Username" title="Username" value="<? echo $un; ?>">
            <input type="text" size="25" name="email" placeholder="Email" title="Email" value="<? echo $em; ?>">
            <input type="text" size="25" name="email2" placeholder="Re-enter Email" title="Re-enter Email" value="<? echo $em2; ?>">
            <input type="password" size="25" name="password" placeholder="Password" title="Password" value="<? echo $pswd; ?>">
            <input type="password" size="25" name="password2" placeholder="Re-enter Password" title="Re-enter Password" value="<? echo $pswd2; ?>"><br />
            <input type="submit" name="reg" value="Sign Up!">
            </form>
            </td>
        </tr>
</table>
</body>
</html>

header.inc.php

<?
include ("inc/scripts/db_connect.inc.php");
session_start();
if (!isset($_SESSION["user_login"])) {

}
else
{
header("location: home.php");
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
      <div id="wrapper">
            <div class="logo">
                  <img src="img/find_friends_logo.png">
            </div>
            <div class="search_box">
                  <form method="get" action="search.php" id="search">
                  <input name="q" type="text" size="60" placeholder="Search..." />
                  </form>
            </div>
            <div id="menu">
                  <a href="#">Home</a>
                  <a href="#">About</a>
                  <a href="#">Sign Up</a>
                  <a href="#">Login</a>
            </div>
      </div>
</div>
<br />
<br />
<br />
<br />

db_connect.inc.php

<?
$db = new PDO('mysql:host=localhost;dbname=socialnetwork', '*********', '*********');
?>

results after taking off @

Notice: Undefined index: reg in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 3

Notice: Undefined index: fname in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 14

Notice: Undefined index: lname in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 15

Notice: Undefined index: username in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 16

Notice: Undefined index: email in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 17

Notice: Undefined index: email2 in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 18

Notice: Undefined index: password in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 19

Notice: Undefined index: password2 in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 20
cbenn95
  • 1
    This looks like a case for basic debugging. What exactly goes wrong where? Do test outputs of the fields you're checking for. – Pekka Feb 27 '13 at 17:01
  • 2
    No need to `strip_tags()` everything btw - you would turn a password like `` into an empty string for no good reason – Pekka Feb 27 '13 at 17:02
  • Turn on logging in mysql and paste the actual insert query that's being processed. – Matt Feb 27 '13 at 17:03
  • How would I go about doing that? And could it be the 0 that is there in `Values`? – cbenn95 Feb 27 '13 at 17:03
  • It's impossible to follow all these `if` / `else` statements if you don't indent correctly / consequently. Also, when having errors / bugs, remove all error suppressing operators. – jeroen Feb 27 '13 at 17:05
  • Sorry about the indenting. I have been using multiple coding tools, and some will indent correctly. Working on doing the insert query right now – cbenn95 Feb 27 '13 at 17:08
  • @jeroen I took off the `@` on everything, and I tried seeing what would happen from there. Look at my OP for the results – cbenn95 Feb 27 '13 at 17:54
  • @Pekka웃 how do I test outputs? I've been trying to find out how, but have yet to find it. – cbenn95 Feb 27 '13 at 17:59
  • @mkaatman I have been trying to turn on the logging, but have had no success yet. Using PHPadmin, however, it tells me that there is a problem with the `db_connect` part and everything following it until it ends – cbenn95 Feb 27 '13 at 18:00
  • The simplest way is to just `echo` the values. To get PDO errors, see [How to squeeze error message out of PDO?](http://stackoverflow.com/q/3726505) – Pekka Feb 27 '13 at 18:01
  • @Pekka웃 using dreamweaver's validator, it is saying that the codes for the form's input are showing up as data, instead of inputs? – cbenn95 Feb 27 '13 at 18:38
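
A registration insert of the kind the question attempts, as an added example that is not part of the original post or its comments. It turns on PDO exceptions so SQL errors surface, keeps only column names in the column list, and binds every user value. Assumptions: PHP 7+ with pdo_sqlite, in-memory SQLite stands in for the MySQL database, `sign_up_date` and `activated` are hypothetical column names, `registerUser` is a hypothetical helper, and `password_hash()` is swapped in for the post's `md5()`.

```php
<?php
// Added example. Constructed schema and sample data; sign_up_date and activated are hypothetical names.
$db = new PDO('sqlite::memory:');
// Make failed prepare()/execute() calls throw instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL UNIQUE,
    fname TEXT NOT NULL, lname TEXT NOT NULL, email TEXT NOT NULL,
    password TEXT NOT NULL, sign_up_date TEXT NOT NULL,
    activated INTEGER NOT NULL DEFAULT 0)');

function registerUser(PDO $db, array $in): string
{
    foreach (['fname', 'lname', 'username', 'email', 'password'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field]) || trim($in[$field]) === '') {
            return 'Please fill in all fields';
        }
    }
    // The username is free only when the lookup returns no row. fetchColumn()
    // is used because rowCount() is not reliable for SELECT on every driver.
    $check = $db->prepare('SELECT 1 FROM users WHERE username = :un');
    $check->execute([':un' => $in['username']]);
    if ($check->fetchColumn() !== false) {
        return 'Username already taken.';
    }
    // The column list holds column names only; constants belong in VALUES.
    $insert = $db->prepare(
        'INSERT INTO users (username, fname, lname, email, password, sign_up_date, activated)
         VALUES (:un, :fn, :ln, :em, :pswd, :d, 0)'
    );
    $insert->execute([
        ':un'   => $in['username'],
        ':fn'   => $in['fname'],
        ':ln'   => $in['lname'],
        ':em'   => $in['email'],
        // Salted, adaptive hash replaces md5(); the raw password is never stored.
        ':pswd' => password_hash($in['password'], PASSWORD_DEFAULT),
        ':d'    => date('Y-m-d'),
    ]);
    return 'Registered';
}

$sample = ['fname' => 'Ada', 'lname' => 'Byron', 'username' => 'ada',
           'email' => 'ada@example.com', 'password' => 'correct horse'];
echo registerUser($db, $sample), PHP_EOL;               // new user
echo registerUser($db, $sample), PHP_EOL;               // same username again
echo registerUser($db, ['username' => 'bob']), PHP_EOL; // incomplete form
$hash = $db->query("SELECT password FROM users WHERE username = 'ada'")->fetchColumn();
var_dump(password_verify('correct horse', $hash));      // login-side check of the stored hash
```

The `UNIQUE` constraint on `username` backs up the lookup: if two requests race past the check, the second insert throws a `PDOException` rather than creating a duplicate account.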

0 Answers