-1

I have created a registration page, but my form submits blank data automatically when the page loads even though I have form validation in place. Can't seem to place my mistakes.

Also I get this undefined index error for the $_POST[first_name] and the others, and when I use 'isset' to enclose this, I get '1' as the data stored in the DB.

Thanks in advance.

<?php

 require_once("config.php");

 $f_name = isset($_POST['first_name']);
 $l_name = isset($_POST['last_name']);
 $e_mail = isset($_POST['email']);
 $p_w_d =  isset($_POST['password']);

 //password hashing and salting
   $hash = hash('sha256', $p_w_d);
     
   function createSalt()
   {
       $text = md5(uniqid(rand(), true));
       return substr($text, 0, 3);
   }
    
   $salt = createSalt();
   $sec_password = hash('sha256', $salt . $hash);

 //creating the database query
 $query = "INSERT INTO ad_min_user (first_name, last_name, email_id, password) VALUES
 ('$f_name','$l_name','$e_mail','$sec_password')";
 $result = mysqli_query($conn,$query);

   if(!empty($result)) {
      //echo '<script language="javascript">';
   //echo 'alert("Registration Successful !")';
   //echo '</script>';
   unset($_POST);
  } 
  else {
   echo '<script language="javascript">';
   echo 'alert("Registration Failed !")';
   echo '</script>';  
  }
  ?>

?>


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Create Admin Panel | 9JA Home & Tours LTD</title>

<!-- BOOTSTRAP STYLES-->
<link href="assets/css/bootstrap.css" rel="stylesheet" />
<!-- FONTAWESOME STYLES-->
<link href="assets/css/font-awesome.css" rel="stylesheet" />
<!-- CUSTOM STYLES-->
<link href="assets/css/custom.css" rel="stylesheet" />
<!-- GOOGLE FONTS-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css' />
<!-- SCRIPTS -AT THE BOTOM TO REDUCE THE LOAD TIME-->
<!-- JQUERY SCRIPTS -->
<script src="assets/js/jquery-1.10.2.js"></script>
<!-- BOOTSTRAP SCRIPTS -->
</head>
<body>
<div class="container"> <br/>
  <br/>
  <br/>
  <div class="row text-center ">
    <div class="col-md-12"><br/>
      <span style="font-size:35px;font-weight:bold;color:red;">CREATE ADMIN PANEL</span></div>
  </div>
  <br/>
  <div class="row ">
    <div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3 col-xs-10 col-xs-offset-1">
         
      <div class="panel panel-default" id="loginBox">
        <div class="panel-heading"> <strong> Enter Admin Details </strong> </div>
        <div class="panel-body">
          <form onSubmit="return validationForm();" role="form" id="form" method="post">
            <br />
            <div class="form-group input-group"> <span class="input-group-addon"><i class="fa fa-user"  ></i></span>
              <input type="text" name="first_name" id="first_name" class="form-control" placeholder="First Name" />
            </div><div class="form-group input-group"> <span class="input-group-addon"><i class="fa fa-user"  ></i></span>
              <input type="text" name="last_name" id="last_name" class="form-control" placeholder="Last Name" />
            </div>
            <div class="form-group input-group"> <span class="input-group-addon"><i class="fa fa-envelope"  ></i></span>
              <input type="text" name="email" id="email" class="form-control" placeholder="Email" />
            </div>
            <div class="form-group input-group"> <span class="input-group-addon"><i class="fa fa-lock"  ></i></span>
              <input type="password" name="password" id="password" class="form-control"  placeholder="Your Password" />
            </div>
            <div class="form-group input-group"> <span class="input-group-addon"><i class="fa fa-lock"  ></i></span>
              <input type="password" name="confirm_password" id="confirm_password" class="form-control"  placeholder="Confirm Password" />
            </div>
            <div class="form-group">
              <label class="checkbox-inline"> </label>
              <span class="pull-right"> <a href="index.php" >Login as Admin</a> </span> </div>
            <hr />
            <div align="center">
              <button style="width:100%;" type="submit" id="login" class="btn btn-primary"><i class="fa fa-user"  ></i>&nbsp;Create Admin</button>
            </div>
          </form>
        </div>
      </div>
    </div>
  </div>
</div>
<script type="text/javascript">
function validationForm(){
 if($("#first_name").val() == ''){
  alert("First Name Required !!!");
  $("#first_name").focus();
  return false;
 }
 else if($("#last_name").val() == ''){
  alert("Last Name Required !!!");
  $("#last_name").focus();
  return false;
 }
 else if($("#email").val() == ''){
  alert("Email Required !!!");
  $("#email").focus();
  return false;
 }
 else if(!validateEmail($("#email").val())){
  alert("Valid Email Required !!!");
  $("#email").focus();
  return false;
 }
 else if($("#password").val() == ''){
  alert("Password Required !!!");
  $("#password").focus();
  return false;
 }
 else if($("#confirm_password").val() == ''){
  alert("Confirm Password");
  $("#confirm_password").focus();
  return false;
 }
 else if($("#password").val() != $("#confirm_password").val()){
  alert("Passwords Don't Match");
  $("#confirm_password").focus();
  return false;
 }
 else{
  return true;
 }
}
function validateEmail(email) {
    var re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
    return re.test(email);
}


</script>

</body>
</html>
ComputerMaverick
  • 21
  • 1
  • 1
  • 6
  • real simple: `isset($_POST['x'])` is a false positive and you're not using the right syntax for all of those. – Funk Forty Niner Mar 09 '17 at 15:57
  • *"when i use the 'isset' to enclose this, i get '1' "* - that's because `isset()` returned a boolean true. – Funk Forty Niner Mar 09 '17 at 15:57
  • you're also open to a serious sql injection, it's only a matter of time before you get hacked. – Funk Forty Niner Mar 09 '17 at 15:58
  • The form isn't "submitting automatically", you're just executing your server-side code without checking to see if anything *was* submitted. You have PHP code in your page, so that PHP code executes when you load your page. – David Mar 09 '17 at 16:01
  • Use parameterized queries. This is open to SQL injections. – chris85 Mar 09 '17 at 16:03

1 Answer

0

Don't know if this solves your problem, but isset returns true/false.

$f_name = isset($_POST['first_name']);
$l_name = isset($_POST['last_name']);
$e_mail = isset($_POST['email']);
$p_w_d =  isset($_POST['password']);

This means that your firstname, lastname, email, pwd will either be true/false rather than the actual post value.

You want to re-write to something like...

$f_name = isset($_POST['first_name']) ? $_POST['first_name'] : null;

You will also want to wrap that entire block of php in something like:

if ($_SERVER['REQUEST_METHOD'] === 'POST') { // isset($_POST) is always true; test the request method instead
    // PHP stuff here e.g. 
    $f_name = isset($_POST['first_name']) ? $_POST['first_name'] : null;
    ...
}

because if the form has not been posted, you will be trying to access stuff in $_POST which doesn't actually exist yet.

You also have an issue in your example above... where you appear to be closing php twice...

     ?>

?>

So basically, your code should look something like...

<?php

require_once("config.php");

// isset($_POST) is always true in PHP, so check the request method to detect a real submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $f_name = isset($_POST['first_name']) ? $_POST['first_name'] : null;
    $l_name = isset($_POST['last_name']) ? $_POST['last_name'] : null;
    $e_mail = isset($_POST['email']) ? $_POST['email'] : null;
    $p_w_d = isset($_POST['password']) ? $_POST['password'] : null;

    //password hashing and salting
    $hash = hash('sha256', $p_w_d);

    function createSalt()
    {
        $text = md5(uniqid(rand(), true));
        return substr($text, 0, 3);
    }

    $salt = createSalt();
    $sec_password = hash('sha256', $salt . $hash);

    //creating the database query
    $query = "INSERT INTO ad_min_user (first_name, last_name, email_id, password) VALUES
        ('$f_name','$l_name','$e_mail','$sec_password')";
    $result = mysqli_query($conn, $query);

    if (!empty($result)) {
        unset($_POST);
    } else {
        echo '<script language="javascript">';
        echo 'alert("Registration Failed !")';
        echo '</script>';
    }
}

But remember to validate your input.

Gravy
  • 12,264
  • 26
  • 124
  • 193
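A hardened version of the registration handler, added here as an example and not part of the question or the answer above: it runs the insert only on an actual POST, repeats the form validation server-side (the jQuery checks can be bypassed by posting directly to the page), replaces the home-made sha256-plus-three-character-salt scheme with `password_hash()`, and binds the values through a prepared statement so user input never becomes part of the SQL text. It assumes `config.php` provides `$conn` as a mysqli connection and that the `password` column is at least VARCHAR(255); table and column names are taken from the question.

```php
<?php
// Added example, not the answer's code: a hardened version of the handler.
// Assumes config.php defines $conn as a mysqli connection, and that the
// ad_min_user.password column is VARCHAR(255) so a password_hash() string fits.
require_once("config.php");
// Only run the registration logic when the form was actually POSTed;
// a plain page load is a GET and skips this whole block.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read fields with an empty-string fallback so missing keys never raise
    // "undefined index" and never become the boolean 1 that isset() returns.
    $f_name  = trim($_POST['first_name'] ?? '');
    $l_name  = trim($_POST['last_name'] ?? '');
    $e_mail  = trim($_POST['email'] ?? '');
    $p_w_d   = $_POST['password'] ?? '';
    $confirm = $_POST['confirm_password'] ?? '';

    // Server-side validation: the JavaScript check runs only in a browser
    // that chooses to run it, so every rule is repeated here.
    $errors = [];
    if ($f_name === '' || $l_name === '') {
        $errors[] = 'First and last name are required.';
    }
    if (filter_var($e_mail, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required.';
    }
    if (strlen($p_w_d) < 8) {
        $errors[] = 'Password must be at least 8 characters.';
    }
    if ($p_w_d !== $confirm) {
        $errors[] = 'Passwords do not match.';
    }

    if ($errors === []) {
        // password_hash() generates its own random salt and uses a slow hash;
        // a fast SHA-256 with a 3-character salt offers little protection offline.
        $sec_password = password_hash($p_w_d, PASSWORD_DEFAULT);
        // Prepared statement: values travel as bound parameters, never
        // concatenated into the query string, which closes the injection hole.
        $stmt = $conn->prepare(
            'INSERT INTO ad_min_user (first_name, last_name, email_id, password) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('ssss', $f_name, $l_name, $e_mail, $sec_password);
        $ok = $stmt->execute();
        $stmt->close();
        echo $ok ? 'Registration Successful !' : 'Registration Failed !';
    } else {
        // Escape before echoing so a crafted field cannot inject script into the page.
        echo htmlspecialchars(implode(' ', $errors), ENT_QUOTES, 'UTF-8');
    }
}
```

On login, compare with `password_verify($submitted, $row['password'])` instead of re-hashing by hand; the stored string already carries its salt and cost parameters.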