PHP Mysql Forum User Creation Script doesn't work

Question

My code doesn't work, nor it gives me any errors, so the code is right, but still doesn't work. The code aims to look up for the entered data of a HTML form and, if the entered values are not stored on the database, creating them(the new user).

 <?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

define('SECURE', true);
require_once('_connecting.php');


 include "_head.php";



if(isset($_POST["send"]))
{
$username = $_POST["user_name"];
$mail=$_POST["user_email"];

$passwort = $_POST["user_password"];

$passwort2 = $_POST["user_password2"];





if(strlen($passwort)<6||$passwort!=$passwort2)
   {
   echo "Eingabefehler. Bitte alle Felder korekt ausf&uuml;llen. <a href=\"signup.php\">Zur&uuml;ck</a>";







       }

else


{

$check = ("SELECT Count(*) FROM user WHERE user_email ='$mail'");




$mysqli->query($check);


if ($check > 1) {
   echo "Schon vorhanden";

   exit();


} else {



$send="INSERT INTO user (user_name, user_email,user_password) VALUES ('$username','$passwort','$mail')";



$mysqli->query($send);








}




}}






?>






























    <h1>
    Registriere dich jetzt, um alle Funktionen des Forums in vollem Umfang genie&szlig;en zu k&ouml;nnen.

    </h1>
    <h1 id="yellowh1">
    Du wirst es nicht bereuen - Es warten viele spannende Dinge auf dich.





    </h1>




<form action="signup.php" method="post">
<br><br>
<input type="text" name="user_name" value="" required="required" placeholder="Nutzername" maxlength="255" />
<br>
<br>
<input type="email" name="user_email" value="<?php echo !empty($_POST['user_email']) ? $_POST['user_email'] : ''; ?>" required="required" placeholder="E-Mail-Adresse" maxlength="255" />
<br><br>
<input type="password" name="user_password" required="required" placeholder="Passwort" maxlength="50" />
<input type="password" name="user_password2" required="required" placeholder="Passwort erneut eingeben" maxlength="50" />
<br><br>




<input type="submit" value="Abschicken" name="send">
</form>

  <?php include "_footer.php";?>

do double check when writing code `$_POSST`. Your query depends on that one. `WHERE user_email ='$mail'` - `$mail=$_POSST["user_email"];` — Funk Forty Niner, Jun 17 '15 at 22:24
*"my code doesn't work,nor it gives me any errors"* - that's because you're not checking for errors, anywhere. Either on PHP or the query. *"so the code is right, but still doesn't work."* - that's a contradictory statement. — Funk Forty Niner, Jun 17 '15 at 22:25
Change $mail=$_POSST["user_email"]; to $mail=$_POST["user_email"]; — MatHatrik, Jun 17 '15 at 22:31
[`Notice: Undefined variable: _POSST in...` - *I knew that's what the notice would be.*](http://php.net/manual/en/function.error-reporting.php) — Funk Forty Niner, Jun 17 '15 at 22:33
@Don'tPanic ugh.. good catch. I didn't see that one. I'll have to edit my answer, and give kudos to you. — Funk Forty Niner, Jun 17 '15 at 23:02

score 4 · Accepted Answer · edited May 23 '17 at 10:29

There are a few problems here.

$mail=$_POSST["user_email"];

Firstly, there is a typo in there and you must remove one of the S's. It's a superglobal.

Having error reporting would have signaled:

Notice: Undefined variable: _POSST in...

As I stated in comments, your query depends on it. WHERE user_email ='$mail' and you're not checking for errors anywhere.

VALUES ('$username','$passwort','$mail') that will also fail because of the typo in $_POSST.

Then you have value="<?php echo $user_email; ?>" for the name="user_email" input, which will also throw the following notice in the input field itself, as soon as you hit the submit button:

Notice: Undefined variable: user_email in...

Therefore, you need to use a ternary operator:

value="<?php echo !empty($_POST['user_email']) ? $_POST['user_email'] : ''; ?>"

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Footnotes:

Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements, they're much safer.

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

References:

Final notes:

Since the MySQL API to connect with is unknown (to me), make sure that you are in fact using mysqli_ to connect with, and not another one that is different. Different MySQL APIs do not intermix with each other.

Use the same API from connection to query.
https://php.net/mysqlinfo.api.choosing

As stated in comments and kudos to "Don't Panic":

$mysqli->query->execute seems kind of strange. – Don't Panic

This method of querying $mysqli->query->execute(...) is used for prepared statements. http://php.net/manual/en/mysqli.prepare.php

Those need to be modified as just $mysqli->query(...)

As per the manual http://php.net/manual/en/mysqli.query.php

I changed posst to post, but still doesnt work.. Ill check your codes,when im at home again :) THX :) i hope it will work like this — , Jun 18 '15 at 08:26
ive changed my code to what you told me to, but it still doesn't work nor i get some errors... can you please take a look on my edited script ?I edited my question, so that now there is my "new" code. — , Jun 18 '15 at 17:30
Cloded# i found the solution, i changed it to what the manuel reads — , Jun 19 '15 at 14:23
@Needforbleed that's great, glad to hear it and thanks for the update, *cheers* — Funk Forty Niner, Jun 19 '15 at 14:42

PHP Mysql Forum User Creation Script doesn't work

1 Answers1