1

I am trying to save the user information into database but i am getting error.

my input form:

<form method="post" action="do_signup.php">
Name:<input type="text" id="name" name="name"/>
<br/>
Username:<input type="text" id="user" name="user"/>
<br/>
Choose Password: <input type="password" name="pass" id="pass"/>
<br/>
Confirm Password:<input type="password" name="pass2" id="pass2"/>
<br/>
E-Mail:<input type="email" name="email" id="email"/>
<input type="submit"/>
</form>

do_signup.php

<?php
include 'includes/userdbConnect.php'; 
$name=$_POST['name'];
$username=$_POST['user'];
$password=$_POST['pass'];
$password2=$_POST['pass2'];
$email=$_POST['email'];

if($password!=$password2)
echo"<script> alert('Password and confirm password does not match');
window.location='signup.php'</script>";
exit;

$sql = mysql_query("INSERT INTO `riz`.`users` (`id`, `Username`, `Password`, `Email`) VALUES (NULL, '$username', '$password', '$email');") or die("SELECT Error: ".mysql_error());
if($sql) 
{
    echo "<script> alert('Signup successfully!');
    window.location='signin.php'</script>";
    exit;

 }
 else
 {   
 echo "<script> alert('Temporary problem, try again!');</script>";
 }


?>

userdbConnect.php

<?php
error_reporting(E_ERROR);
global $link;

$servername='localhost';
$dbname='riz';
$dbusername='root';
$dbpassword='';
$table_Name="users";

$link = mysql_connect($servername,$dbusername,$dbpassword);

if (!$link) {
die('Could not connect: ' . mysql_error());
}
else 
{
mysql_select_db($dbname,$link) or die ("could not open db".mysql_error());
}

?>

My do_signup.php takes all the information from signup.php i have checked by echo all the values. It is also working fine till where i am checking password and confirm password. But the INSERT query is not working and i am getting blank page. Guide me where i am doing mistake. Thanks in advance

Majid Ali
  • 31
  • 3
  • 11

1 Answers1

1

Your problem is with one of your if statements.

if($password!=$password2)
echo"<script> alert('Password and confirm password does not match');
window.location='signup.php'</script>";
exit;

Without parenthesis, only the first line will be executed in respect to the condition. Effectively it is doing this:

if($password!=$password2) {
    echo"<script> alert('Password and confirm password does not match');
    window.location='signup.php'</script>";
}
exit;

So it is exiting every single time, regardless of the condition.

All you need to do is add parenthesis correctly:

if($password!=$password2) {
    echo"<script> alert('Password and confirm password does not match');
    window.location='signup.php'</script>";
    exit;
}

Additionally, mysql_* functions are deprecated, and your script is vulnerable to SQL injection attacks. Please have a read of this: How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
rjdown
  • 9,162
  • 3
  • 32
  • 45