0

I'm trying to create a sign up form. However whnever I click on the sign up button, the database does not get updated but just shows the blank signup.php page. Any ideas?

This is my php code

<?php
   include("config.php"); 
   //including config.php in our file

   if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname']) && !empty($_POST['email'])){
   // Now checking user name and password is entered or not.
   $first_name= mysql_real_escape_string($_POST[`firstname`]);
   $last_name= mysql_real_escape_string($_POST['lastname']);
   $username = mysql_real_escape_string(stripslashes($_POST['username']));
   $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
   $mail = mysql_real_escape_string($_POST['email']);
   $check = "SELECT * from users where username = '".$user."'";
   $qry = mysql_query($check);
   $num_rows = mysql_num_rows($qry); 

   if ($num_rows > 0) {
      // Check if username exists or not.

      echo "The username you have entered already exists. Please try another username. Thank   you";
      echo '<a href="signup.php">Try Again</a>';
      exit;
   }

   // Insert the new user into the database
   $query = "INSERT INTO Users (`firstname`,`lastname`,`email`,`username`,`password`,`is_active`) VALUES ('".$first_name."','".$last_name."','".$username."','".$password."','".$mail."','1');";

   mysql_query($query);

   echo "Thank You for Registering with us. You will now be able to use all our  facilities.";
   echo '<a href="login.html">Click Here</a> to login you account.';
   exit;
}

?>

This is my html form

<html>
 <head>
  <title>Registration Page | Simple login form</title>
 </head>
 <body>
  <div id="containt" align="center">
   <form action="signup.php" method="post" class="form-signup">
    <div id="header"><h2 class="sansserif">Sign up</h2></div>
    <table>
     <tr>
      <td>Select Your Firstname:</td>
      <td> <input type="text" name="firstname" size="20" placeholder="First name"><span  class="required">*</span></td>
     </tr>

     <tr>
      <td>Select Your Lastname:</td>
      <td> <input type="text" name="lastname" size="20" placeholder="Last name"><span class="required">*</span></td>
     </tr>

     <tr>
      <td>Select Your Username:</td>
      <td> <input type="text" name="username" size="20" placeholder="User name"><span class="required">*</span></td>
     </tr>

     <tr>
      <td>Select Your Password:</td>
      <td><input type="password" name="password" size="20" placeholder="Password"><span class="required">*</span></td>
     </tr>

     <tr>
      <td>Select Your Email:</td>
      <td> <input type="text" name="email" size="20" placeholder="Email"><span class="required">*</span>
      </td>
     </tr>
     <tr>
      <td><input type="submit" value="Sign Up" class="btn btn-large btn-primary"></td> 
     </tr>
    </table>
   </form>
  </div>
 </body>
</html>
user3293736
  • 23
  • 1
  • 2
  • 5
  • Do you have any errors in your error.log file? Also, have you tried putting traces in your code to see how far it's going? I find using `error_log` is helpful for this. – snollygolly Feb 19 '14 at 13:28
  • `$_POST[\`firstname\`]` Nope. You MUST do `$_POST['firstname'];` This is not a table we're selecting in MySQL, and they will not be interpreted as single quotes, instead, it will attempt to execute this argument as a shell command in this case. – Ohgodwhy Feb 19 '14 at 13:30
  • @Ohgodwhy which one are you referring to pls? – user3293736 Feb 19 '14 at 13:34
  • @user3293736 you can't just look at the only two uses of it in your code?? – thescientist Feb 19 '14 at 13:39

1 Answers1

1
if(!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname'])                           && !empty($_POST['lastname']) 
&& !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";

You check if username='$user' but you didn't declared any variable with the name of '$user'.

You should write: 

$check = "SELECT * from users where username = '".$username."'";
user3310421
  • 7
  • 2