
I've been trying to mess around with a registration system. However, when I try to insert the information into the database, no new row is generated. I'm not getting any errors, and my code seems legitimate. Is there something that I don't know about INSERT INTO?

```php
$username = $_POST['regusername'];
$email = $_POST['regemail'];
$password = $_POST['regpassword'];
$cpassword = $_POST['regpasswordcon'];
$firstname = $_POST['regfirstname'];
$lastname = $_POST['reglastname'];
//check username for weird symbols
if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $username)){
    // one or more of the 'special characters' found in string
    //header("Location: /register.php");
    echo "Your username should only contain letters and numbers";
    exit;
}

//check if username is taken
$check = $con->prepare("SELECT * FROM accounts WHERE username=:user");
$check->bindParam(':user',$username);
$check->execute();
$result = $check->fetch(PDO::FETCH_ASSOC);

if(!empty($result)){
    //header("Location: /register-page.php"); //direct browser back to sign in
    echo "User is already taken";
    exit;
}else{ //otherwise proceed to register new user

    //Hashing of password
    $hpassword = password_hash($password, PASSWORD_DEFAULT);

    //Prepared statements for SQL injection prevention
    $query = $con->prepare("INSERT INTO accounts (username, password, email, firstname, lastname) VALUES (:name,:hpassword,:email,:fname,:lname) ");

    //bind parameters
    $query->bindParam(':name',$username);
    $query->bindParam(':hpassword',$hpassword);
    $query->bindParam(':email',$email);
    $query->bindParam(':fname',$firstname);
    $query->bindParam(':lname',$lastname);
    $query->execute();
}
```
tadman
Curtis Chong
  • `$con` seems to be an instance of PDO, right? Have you set the error reporting mode to PDO::ERRMODE_EXCEPTION as described at http://docs.php.net/manual/en/pdo.error-handling.php ? If not, your script is lacking error handling. – VolkerK Jul 14 '15 at 14:59
  • Hello. I'm thinking that perhaps the reason is that one or some of the variables you are trying to insert are null. Why don't you try to echo each of them and see if they have no empty values? Perhaps that will help. – Alejo_Blue Jul 14 '15 at 15:01
  • Your script is prone to race conditions. Without locking the table another php instance could modify the database between the SELECT and the INSERT command of the other php instance, inserting a record with the exact same username twice. Better create a UNIQUE constraint for the username field. – VolkerK Jul 14 '15 at 15:01
  • @Alejo_Blue Nope, they aren't null – Curtis Chong Jul 14 '15 at 15:11
  • @VolkerK good points. I've done the error reporting and found out that I'm actually getting an error: Integrity constraint violation: 1062. Thanks for your help. I didn't know that a PDO error is an actual error that is different than a PHP error – Curtis Chong Jul 14 '15 at 15:25
  • They are different ;-) and it's not really a PDO error but the MySQL server complains about the data. 1062 is ER_DUP_ENTRY, see https://dev.mysql.com/doc/refman/5.5/en/error-messages-server.html#error_er_dup_entry , so there already is a unique constraint on one or more fields of the table. Just drop the SELECT query, keep only the INSERT and check the error code. If it's 1062 -> duplicate entry. – VolkerK Jul 14 '15 at 15:50
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](http://laravel.com/docs/security) built-in. – tadman Jul 14 '15 at 16:05
  • I have a column known as User ID. Making it auto increment has fixed it. Solution to make it auto increment is here: http://stackoverflow.com/questions/5665571/auto-increment-in-phpmyadmin – Curtis Chong Jul 14 '15 at 16:05
  • You really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. – Jay Blanchard Jul 14 '15 at 16:25
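
The approach suggested in the comments above (exception error mode, no SELECT pre-check, let the UNIQUE constraint reject duplicates atomically), written out as an added example that is not code from the question or any commenter. It uses an in-memory SQLite database so it runs offline; the `registerAccount` helper, the reduced schema and the sample values are assumptions, and on MySQL the same failure carries driver code 1062 in `errorInfo[1]`.

```php
<?php
declare(strict_types=1);

// Constructed demo schema in an in-memory SQLite database so the script runs
// offline; table and column names follow the question, reduced to three fields.
$con = new PDO('sqlite::memory:');
// Before PHP 8.0 the default error mode is silent: a failed execute() just
// returns false, which is why the original script showed no error at all.
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE accounts (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    email    TEXT NOT NULL
)');

/**
 * Hypothetical helper: INSERT without a prior SELECT, so there is no window
 * between check and write. Returns false on an integrity constraint violation.
 */
function registerAccount(PDO $con, string $username, string $password, string $email): bool
{
    $query = $con->prepare(
        'INSERT INTO accounts (username, password, email) VALUES (:name, :hpassword, :email)'
    );
    try {
        $query->execute([
            ':name'      => $username,
            ':hpassword' => password_hash($password, PASSWORD_DEFAULT),
            ':email'     => $email,
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation. On MySQL,
        // errorInfo[1] additionally holds 1062 (ER_DUP_ENTRY) for duplicates.
        if (($e->errorInfo[0] ?? null) === '23000') {
            return false;
        }
        throw $e; // any other database error is a real failure: do not hide it
    }
}

// Constructed sample input: the second call reuses the username and is rejected.
var_dump(registerAccount($con, 'alice', 'constructed-password-1', 'alice@example.test'));
var_dump(registerAccount($con, 'alice', 'constructed-password-2', 'other@example.test'));
```

A `false` return means some unique or primary key collided, not necessarily the username: in the asker's case the 1062 came from the User ID column that was not auto increment.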
