0

I'm doing a user registration page and I have figured out how to make it so that if a user focuses out of a text input box, an error message will appear under it.

In the JS file, I have the following code

               $("body").delegate("#user_id", "focusout", function(event){
                  event.preventDefault();

                  var c_userid=$('#user_id').val();
                  $.ajax({
                         url: "classes/register.php",
                         method: "POST",
                         data : {getId:1,c_userid:c_userid},
                         success: function(data){
                 $("#userid-error").html(data); 
                  }
                  });
                  });

And in the PHP file that's supposed to put the data through, 

   elseif(isset($_POST['getId'])){
    global $conn;
       $c_userid = $_POST["c_userid"];
       $get_id = "SELECT id FROM user_info WHERE id LIKE '%$c_userid%' LIMIT 1";
       $check_id = mysqli_query($conn, $get_id);
       $count_id = mysqli_num_rows($check_id);
            if(empty($c_userid)){
                echo "Please fill user id";
                exit();
            }elseif($count_id > 0){
                echo "ID unavailable";
                exit();
            }

}

Now would I be able to add the SQL Insert coding to that if statement like so..

elseif(isset($_POST['getId'])){
    global $conn;
       $c_userid = $_POST["c_userid"];
       $get_id = "SELECT id FROM user_info WHERE id LIKE '%$c_userid%' LIMIT 1";
       $check_id = mysqli_query($conn, $get_id);
       $count_id = mysqli_num_rows($check_id);
            if(empty($c_userid)){
                echo "Please fill user id";
                exit();
            }elseif($count_id > 0){
                echo "ID unavailable";
                exit();
            }
   }else{
    $first_name = $_POST["first_name"];
    $last_name = $_POST["last_name"];
    $home_phone = $_POST["home_phone"];
    $cell_phone = $_POST["cell_phone"];
    $city = $_POST["city"];
    $state = $_POST["state"];
    $zip_code = $_POST["zip_code"];
    $home_address = $_POST["home_address"];
    $email_address = $_POST["email_address"];
    $user_id = $_POST["id"];
    $password = md5($_POST["password"]);
    $sql = "INSERT INTO user_info (id, password, first_name, "
            . "last_name, city, state, zip_code, home_address, "
            . "email_address, home_address, home_phone, cell_phone)"
            . ""
            . "VALUES($user_id, $password, $first_name, $last_name, $city, $state,
               $zip_code, $home_address, $email_address, $home_address, $home_phone, $cell_phone)";
    $run_query = mysqli_query($conn, $sql);
}

And have the data inserted into my database properly? If something was wrong with the user input, would the getID function would prevent from going through?

Cœur
  • 37,241
  • 25
  • 195
  • 267
CFl
  • 48
  • 4
  • Try to use at least PDO, and escape user input. – cssBlaster21895 Aug 21 '16 at 19:40
  • 1
    What do you mean by *"am I doing the SQL coding right?"* - Check for errors yourself and you'll see where you've gone wrong http://php.net/manual/en/mysqli.error.php / http://php.net/manual/en/function.error-reporting.php. Far as I'm concerned, your question stands to be closed based on not quoting your string values. Oh and don't use MD5 if you plan on going live with this, yet alone the SQL injection you've opened yourself to. – Funk Forty Niner Aug 21 '16 at 19:43
  • I tried this code out already but it wasn't submitted to the database even though the form went through.. – CFl Aug 21 '16 at 19:48

0 Answers0