Here are the HTML and JavaScript codes:

```javascript
// Client-side validation before the registration request is sent
if (username == '' || password == '' || firstname == '' || secondname == '' || email == '') {
  alert("Please fill all the fields!");
} else if ((password.length) < 8) {
  alert("Password should have at least 8 characters in length!");
} else {
  // POST the form values to register.php and show whatever message it returns
  $.post("register.php", {
      username1: username,
      password1: password,
      firstname1: firstname,
      secondname1: secondname,
      email1: email
    },
    function(data) {
      if (data == 'You have successfully registered!') {
        $("form-horizontal")[0].reset();
      }
      alert(data);
    });
}
```

HTML & JS

And the php: PHP

My problem is that no matter what the fields in the registration contain and/or if the username is in the database or not, I get the same error:

This username is already registered! Please, try again!

arch1ve
  • mind posting your mysql? – Funk Forty Niner Apr 13 '16 at 18:58
  • Allow users to use the [passwords / phrases](https://xkcd.com/936/) they desire. [Don't limit passwords.](http://jayblanchard.net/security_fail_passwords.html) – Jay Blanchard Apr 13 '16 at 18:59
  • @Fred-ii- meaning what? the queries or the actual table? – arch1ve Apr 13 '16 at 19:00
  • maybe your mysql is failing – Funk Forty Niner Apr 13 '16 at 19:00
  • You have to read again about how to evaluate a query against the database. You test `if(!$result)` which does not make any sense. `$result` will contain a result handle if the query was valid. It will _not_ contain true or false depending on a row having been found or not. In other words: it will never evaluate to `false`, except if your SQL query contains a syntax error (which it does not). – arkascha Apr 13 '16 at 19:00
  • @Fred-ii- I am currently using it for other parts of the website that work fine, so although the server may be slow, it doesn't fail – arch1ve Apr 13 '16 at 19:03
  • I'm no PHP developer but this `$sql1="SELECT * FROM users WHERE username='$username'"; ` looks like you're in for some serious trouble. https://xkcd.com/327/ – Stephen Gilboy Apr 13 '16 at 19:03
  • @Stephen meaning what? – arch1ve Apr 13 '16 at 19:04
  • @arch1ve [SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Stephen Gilboy Apr 13 '16 at 19:05
  • @Stephen I am not worried about that right now, because that is not the purpose of the project I am working on (i.e. nobody will try to ruin my database), but thanks for the heads up – arch1ve Apr 13 '16 at 19:07
  • @arch1ve, have you taken into account that the message you get is nowhere in the code snippet you paste? probably the code will be failing in some other code snippet you have not pasted. How do you want to be helped, if you paste the correct code and hide the failing one? – Luis Colorado Apr 13 '16 at 19:10
  • @LuisColorado Please check the links in the post before making such comments. – arch1ve Apr 13 '16 at 19:13
  • @arch1ve, the reason of my comments is the same for it to be put on hold. It's not my problem to have to dig in your code, it's your problem to be as explicit and simple as possible for us to be able to help you solve it. – Luis Colorado Apr 14 '16 at 10:14

1 Answer

In your PHP script you don't check if there are any rows with the query, you only check if the query is not null.

You can fix it by changing the if statement to this:

```php
$sql1="SELECT * FROM users WHERE username='$username'";
$result = $mysqli->query($sql1);
// num_rows is 0 when no row matches, i.e. the username is still free
if(!$result->num_rows)
{
    $sql2 = "INSERT INTO users(username, password, firstname, lastname, email) VALUES ('$username', '$password', '$firstname', '$secondname', '$email')";
    $result2 = $mysqli->query($sql2);
    if($result2) // Insert query
    {
        echo "You have successfully registered!";
    }
    else
    {
        echo "Error!";
    }
}
```

I suggest taking a look here to see what I changed:
http://php.net/manual/en/mysqli-result.num-rows.php

A better way to check if a string is empty is by doing this instead of what you have now:

```javascript
if (username == null || password == null || firstname == null || secondname == null || email == null)
```

I also suggest checking in PHP if everything has a value because JavaScript can be altered when you inspect the element.

You also need to prepare your statements; your code is vulnerable to SQL injection at the moment and you absolutely don't want that.

More about how to do that can be found here:
How can I prevent SQL injection in PHP?

Tom
  • Changed that if statement now, and it goes to the else branch of the second if, printing "Error!" Also, I am not concerned about SQL injection right now, because nobody will try to ruin my database (personal project). – arch1ve Apr 13 '16 at 19:11
  • It doesn't matter whether it is a personal project or not, you should always use the correct security things. If the `if` statement didn't work it is due to an error in your query. – Tom Apr 13 '16 at 19:15
  • The first `if` statement works, but after that, when it gets to `if($result2)` and it doesn't evaluate to true, then it just goes to the `else` statement, echoing "Error!" – arch1ve Apr 13 '16 at 19:32
  • Because the query you are checking there is incorrect. Try executing the query in the database and see if it does work there. – Tom Apr 13 '16 at 19:39
  • Yes!!! The problem was that the `email` column wasn't even in the table (I simply thought it was, because I am not the one who created the database and it should have been there). Thank you for hinting me to check it! – arch1ve Apr 13 '16 at 19:52
  • No problem, I suggest when developing something enabling errors, you can do this by adding this on the first line of your code: `ini_set('display_errors', 1);` – Tom Apr 13 '16 at 19:57
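
The answer's advice (re-check the fields in PHP, use prepared statements) and the missing-column failure from the comments, combined in one added example; it is not the asker's or the answerer's code. The connection values are placeholders, the POST keys are those of the `$.post` call in the question, the table and columns are those of the answer's INSERT, and `password_hash()` is an addition that assumes the `password` column is wide enough for the hash.

```php
<?php
// Added example. Assumed: placeholder connection values; POST keys from the
// question's $.post call; table and columns from the answer's INSERT.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function register(mysqli $db, array $in): string
{
    $f = [];
    foreach (['username1', 'password1', 'firstname1', 'secondname1', 'email1'] as $k) {
        // Repeat the browser-side check: client JavaScript can be altered or skipped.
        $v = $in[$k] ?? '';
        if (!is_string($v) || $v === '') {
            return 'Please fill all the fields!';
        }
        $f[$k] = $v;
    }

    // Placeholders keep user input out of the SQL text.
    $check = $db->prepare('SELECT 1 FROM users WHERE username = ?');
    $check->bind_param('s', $f['username1']);
    $check->execute();
    $check->store_result(); // buffer the rows so num_rows is populated
    if ($check->num_rows > 0) {
        return 'This username is already registered! Please, try again!';
    }

    // Assumption: the password column can hold a hash (255 characters is safe).
    $hash = password_hash($f['password1'], PASSWORD_DEFAULT);
    $insert = $db->prepare(
        'INSERT INTO users (username, password, firstname, lastname, email)
         VALUES (?, ?, ?, ?, ?)'
    );
    $insert->bind_param('sssss', $f['username1'], $hash,
        $f['firstname1'], $f['secondname1'], $f['email1']);
    $insert->execute();
    return 'You have successfully registered!';
}

try {
    $mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
    echo register($mysqli, $_POST);
} catch (mysqli_sql_exception $e) {
    // A schema mismatch such as a missing `email` column surfaces here
    // with its cause in the log, instead of a bare "Error!".
    error_log($e->getMessage());
    echo 'Error!';
}
```

A UNIQUE index on `username` is still needed to close the gap between the SELECT and the INSERT; with strict reporting a duplicate then raises an exception instead of creating a second row.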