-2

Hi i have been on google past 3 hours and i just cant find bug that i have in my code , i always get (Sorry, your registration failed. Please go back and try again.)like my registerquery is empty. I think i have it right though ... Thanks for help , i did some changes but still unable to do it :/

<?php
if(!empty($_POST['username']) && !empty($_POST['password'])&& !empty($_POST['password1']))
{

    $servername = "localhost";
    $name = "root";
    $pass = "";
    $dbname = "users";
    $link = mysqli_connect($servername, $name, $pass, $dbname); 
if (!$link) {
    die("Connection failed: " . mysqli_connect_error());
  }
} 

    $username = mysqli_real_escape_string($link,$_POST['username']);
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $password1 = password_hash($_POST['password1'], PASSWORD_DEFAULT);
    $email = mysqli_real_escape_string($link,$_POST['email']);
    $checkusername = mysqli_query($link,"SELECT * FROM users WHERE Username = '".$username."'");
     if(mysqli_num_rows($checkusername) == 1)
     {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
     }
     else
     {
        $registerquery = mysqli_query($link,"INSERT INTO users (ID,Username,Password,EmailAddress) VALUES(NULL,'".$username."', '".$password."', '".$email."')");
        echo($registerquery);
        if($registerquery)
        {
            echo "<h1>Success</h1>";
            echo "<p>Your account was successfully created. Please <a href=\"index.php\">click here to login</a>.</p>";
        }
        else
        {
            echo "<p>Sorry, your registration failed. Please go back and try again.</p>";    
        }       
     }
mysqli_close($link);
?>
Mirne
  • 75
  • 7
  • 1
    BTW you are escaping with mysql should be mysqli. And I would not escape the password before hashing. And consider using password_hash instead of md5. – Roland Starke Apr 24 '16 at 20:48
  • Sidenote about passwords. It's already been said above not use MD5, but you should read the following Q&A about another thing regarding manipulating passwords http://stackoverflow.com/questions/36628418/cleansing-user-passwords – Funk Forty Niner Apr 24 '16 at 21:23

1 Answers1

4

  1. You use mysql_real_escape_string where for the rest you use mysqli (as you should, because mysql_* is deprecated).

  2. mysql_real_escape_string doesn't work without an active mysql-connection, and will return false, so $username === false. Connect first, then escape.

The function you need to use here is mysqli_real_escape_string($link, $var).

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Peter van der Wal
  • 11,141
  • 2
  • 21
  • 29