Why does my user registration form not work properly?

Question

I am trying to create a user registration form using php and mysql. When I try to hit the submit button no new record is added to my database. The database is functional and has worked with other forms.

HTML/FORM

<?php
include 'header.php';
?>
    <section>
        <div class="form">
            <form action="signup.php" method="post">
                <h1> Sign Up!</h1>

                <p>First name:
                    <input type="text" name="fName" maxlength="15" required pattern="^[a-zA-Z]{3,20}$" placeholder="Enter Name" />
                </p>

                <p>Last name:
                    <input type="text" name="lName" maxlength="15" pattern="^[a-zA-Z]{3,20}$" required placeholder="Enter Last Name" />
                </p>

                <p>Email:
                    <input type="email" name="email" maxlength="40" required placeholder="Enter Email" />
                </p>

                <p>Username:
                    <input type="text" name="username" maxlength="20" ^[A-Za-z0-9_]{1,15}$ required placeholder="Enter Username" />
                </p>

                <p>Password:
                    <input type="password" name="password" maxlength="20" pattern="(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" required placeholder="Enter Password" />
                </p>

                <p>Re-type Password:
                    <input type="password" name="password2" maxlength="20" pattern="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$" required placeholder="Re-type Password" />
                </p>

                <p>
                    <button type="submit" name="signupbutton"> Sign up </button>
                </p>
            </form>
        </div>
    </section>

<div class="footerspecial">
    <?php
include 'footer.php';
?>
</div>

PHP/SQL

<?php

//have they submitted at least once?
if(isset($POST['$password2'])){
    $fName = $_POST['fName'];
    $lName = $_POST['lName'];
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    //do the passwords NOT match?
        if ($password !== $password2) {//do string comparison here
                echo'<h2>Error: passwrods don\'t match!</h2>';
                require ('registerform.php');
        }
    else {
            //does the username already exist?
            $sql = mysql_query("SELECT * FROM users WHERE username=='$username'");
        if ($results=$con->query($sql)){
                echo'<h2>Error: username is already taken</h2>';
                require ('registerform.php');
        }
        else {

            $sql = mysql_query("SELECT * FROM users WHERE email=='$email'");
         if ($results=$con->query($sql)){  
            echo'<h2>Error: email already used</h2>';
             require ('registerform.php');
            }
            else {
   // If the values are posted, insert them into the database.
                    $sql= "INSERT INTO users (fName, lName, email, username, password, password2) VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
                    if (!$con->query($sql)){ 
                        echo 'Error: coulndt do suff';
                    }
                    else {
                        echo 'Account made'; 


                    }//ENDS SUCCESSFUL INSURT

            }//ENDS EMAIL VALIDATION

        }//ENDS THE USERNAME VALIDATION
    }//END PASSWORD VALIDATION
} 
 ?>

Picture of the form don't really know if its helpful but ya'know

https://gyazo.com/418b86ecb5090604a1f229e1e94fe3bf

What happens when you press submit : does the page refresh? Do you see any error message? — Jose Manuel Abarca Rodríguez, Apr 19 '16 at 17:11
When I submit the form it just brings me to an empty page so I'm confused on where to go from here I've been working on it for 2 days now — cosmichero2025, Apr 19 '16 at 17:12
Alright I'll take a look at that and take into account the answers i got below — cosmichero2025, Apr 19 '16 at 17:15
[Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Apr 19 '16 at 18:12
Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Apr 19 '16 at 18:12
Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Apr 19 '16 at 18:12

score 1 · Accepted Answer · answered Apr 19 '16 at 17:12

I'm guessing here that your database doesn't have a password2 column (seems kind of pointless to have) so trying to insert into it will give an error.

You should read about MySQLi error reporting

Also add error_reporting(-1); at the start of your PHP file to show PHP errors.

P.S. your code is vulnerable to SQL injection, you should use prepared statements to be safe from this.

Jason Smith · Answer 2 · 2016-04-19T19:37:17.080

0

Could have multiple problems first you do not have the single quotes around $password2. This could be leading to a failed insert.

VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";

Also I would echo the sql errors out as you are not doing. you can do this easily. Test the if statement for a true not a false

                if ($con->query($sql)){ 
                    //if true then runs your code;
                }
               else {
                    echo "Error: " . $sql . "<br>" . $con->error; // This will echo out any sql errors you may have
                }

edited Apr 19 '16 at 19:37

answered Apr 19 '16 at 17:14

Jason Smith

71
4

I added the the things that you proposed and it is saying that $sql is a undefined variable – cosmichero2025 Apr 19 '16 at 17:23
I have that set up and it works correctly with other forms on my page this registration one is the only one I seem to have trouble with – cosmichero2025 Apr 19 '16 at 17:49
Also a side note I would convert your tags in your form to a table so that title aligns right. so that the text and the text boxes will line up in the center, making this much cleaner to view. – Jason Smith Apr 19 '16 at 18:31
$sql = mysql_query("INSERT INTO users (fName, lName, email, username, password, password2) VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2))"; – Jason Smith Apr 19 '16 at 19:40

Why does my user registration form not work properly?

2 Answers2