-4

Ok, so I'm learning php and today I wanted to learn about making a user registration page.

I wrote this code :- php

<?php
$db = mysql_connect('127.0.0.1', 'root', '') or die ('Unable to Connect.Check your connection parameters');
mysql_select_db('stock_inventory', $db) or die (mysql_error($db));
$usernamer=(isset($_POST['username'])) ? $_POST['username'] : '';
$passwordr=(isset($_POST['password'])) ? $_POST['password'] : '';
$emailr=(isset($_POST['email'])) ? $_POST['email'] : '';
$usernamer=strip_tags($usernamer);
$passwordr=strip_tags($passwordr);
$emailr=strip_tags($emailr);
$errors[]=array();
if(isset($_POST['submit']) && $_POST['submit'] == 'register')
{
    $query = 'SELECT * FROM user WHERE user_name = ' . $usernamer;
    $result=mysql_query($query, $db) or die (mysql_error($db));
    if(mysql_num_rows($result) > 0)
    {
        echo "Username already exists.";
        echo '<br/>';
        echo "Redirecting";
        header('Refresh: 3; URL=register.php');
    }
    if(empty($usernamer))
    {
        $errors[]="Username cannot be blank";
    }
else if(empty($passwordr))
{
    $errors[]="Password cannot be empty";
}
else if(empty($emailr))
{
    $errors[]="Email Cannot be empty";
}
else if(count($errors) > 0)
{
    echo '<table>';
    echo '<tr>';
    foreach($errors as $error)
    {
        echo '<td>' . $error . '</td>';
    }
    echo '</tr>';
    echo '</table>';
    die();
}
else
{
$query = 'INSERT INTO user
          (user_id, user_name, user_password, user_email)
          VALUES
          (NULL, "' . mysql_real_escape_string($usernamer, $db) . '", "' . PASSWORD($passwordr) . '", "' . mysql_real_escape_string($emailr, $db) . '")';
$result = mysql_query($query, $db) or die (mysql_error($db));
if($result)
{
    echo "Registration Succssfull";
}
else
{
    echo "Error in registration";
}

}
}
?>

HTML

<html>
    <head>
        <title>Register</title>
    </head>
    <body>
        <form action="register.php" method="post">
            <table>
                <tr>
                    <td>Username:</td>
                    <td><input type="text" name="username" /></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type="password" name="password" /></td>
                </tr>
                <tr>
                    <td>Email:</td>
                    <td><input type="text" name="email" /></td>
                </tr>
                <tr>
                    <td><input type="submit" name="register" value="register" /></td>
                </tr>
            </table>
        </form>
    </body>
</html>

The problem :- Unfortunately, this script does nothing. Doesn't matter I'm entering anything or not, it does nothing. How can I fix this ?

Any help is appreciated. Thanks.

Rahul
  • 13
  • 2
  • why are you inserting NULL values in userid field ? – Maximus2012 Jul 29 '13 at 18:38
  • You say it doesnt do anything? Does that mean the page wont even submit, it does it submit and then do nothing? If the first case, check if you might have some javascript stopping the submit (like a validationscript) – Martijn Jul 29 '13 at 18:39
  • 1
    *PSA:* The `mysql_*` functions are [deprecated in PHP 5.5](http://php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated). It is not recommended for writing new code as it will prevent you from upgrading in the future. Instead, use either [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) and [be a better PHP Developer](http://jason.pureconcepts.net/2012/08/better-php-developer/). – Jason McCreary Jul 29 '13 at 18:39
  • 1
    SQL injection warning: http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php – WWW Jul 29 '13 at 18:39
  • Add this to your php-files and check if there are any errors: `ini_set('display_errors',1); ini_set('display_startup_errors',1); error_reporting(-1);` – Tobias Golbs Jul 29 '13 at 18:41
  • @Maximus2012 user_id is set to AUTO_INCREMENT – Rahul Jul 29 '13 at 18:50
  • then you don't need to specify user_id field (or its value) in your insert query. – Maximus2012 Jul 29 '13 at 18:52

1 Answers1

2

Your submit button is named register, not submit, so this line: 

if(isset($_POST['submit']) && $_POST['submit'] == 'register')

should be 

if(isset($_POST['register']) && $_POST['register'] == 'register')

that is why it does nothing.

Ryan
  • 3,153
  • 2
  • 23
  • 35
  • Ok, I get this :- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 – Rahul Jul 29 '13 at 18:52
  • Your username variable is not correctly escaped. – datasage Jul 29 '13 at 18:53
  • datasage is right, it should be: $query = "SELECT * FROM user WHERE user_name = ' ".$usernamer." ' "; Note the double quotes on the outside of the query, which lets you use the single inner quotes to denote a sql string around the username, which should work. – Ryan Jul 29 '13 at 18:56