
I'm having a problem with a registration form using a PHP script. I have checked a lot of posts for this type of issue and I'm still not getting it. I'm trying to write the code myself to insert a user into the database after a guest tries to register a new user.

I wrote the code like this, and I know it's not supposed to be like that, but I'm at least trying by myself to learn something. If you guys can help me, give me your professional tips on what I should add and what I should remove to make secure and working code.

PHP code I wrote:

```php
<?php
include("dbconnect.php");

if (!isset($_POST['registracija'])); {

    $uporabnik = $_POST['uporabnik']; #----------- Username ------------#
    $email = $_POST['email'];#----------- Email ------------#
    $geslo = $_POST['geslo'];#----------- Password ------------#
    $geslo2 = $_POST['geslo2'];#----------- Confirm password ------------#
    $spol = $_POST['spol']; #----------- Gender ------------#

if($geslo == $geslo2){ #----------- Password / password confirm ------------#
  $msg = 'gesli se ujemata'; #----------- Passwords are same ------------#
    } else {
        $msg = 'gesli se ne ujemata'; #----------- Error confirm password ------------#
    }

}

if (strcmp ($uporabnik, $email, $geslo, $geslo2, $spol) == 0) {
    $sql = "INSERT INTO uporabniki (uporabnik, email, geslo, spol)
VALUES ('$uporabnik', '$email', '$geslo', '$spol')";
    if (mysqli_query($conn, $sql)) {
        echo "Registered Successfully!";
    }
}

?>
```

and here is the HTML version of the registration form:

```html
<form method="Post" >
      <?php if(isset($msg)) echo $msg;  ?><br>

         <label >Uporabniško ime</label>
         <input type="text" name="uporabnik"  placeholder="Username..." size="50" required/> 
         <br>
         <label >Email</label>
         <input type="email" name="email"  placeholder="Email" size="50" required/> 
         <br>
         <label>Spol</label>
      <input type="radio"  name="spol" value="moški" required> Moški
         <input type="radio"  name="spol" value="ženska" required> Ženska
         <br>
         <label>Geslo</label>
      <input type="password" name="geslo"  placeholder="Password..." size="50" required/>
         <br>
         <label >Ponovi geslo</label>
      <input type="password" name="geslo2" id="geslo2" placeholder="Confirm password..." size="50" required/>
    <input type="submit" name="registracija" id="registracija" value="Registracija">
    </form>
```

I hope you guys won't judge me and you'll help me out so I can learn more. I'm new at this. Thank you for your time and tips!

Hartman
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Mar 14 '17 at 20:08
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Mar 14 '17 at 20:08
  • You say there is an 'issue' in your title? Are you getting an error? – Jay Blanchard Mar 14 '17 at 20:09
  • @JayBlanchard Oh yeah, I'm getting errors like this: `Notice: Undefined index: uporabnik in C:\xampp\htdocs\index.php on line 8 Notice: Undefined index: email in C:\xampp\htdocs\index.php on line 9 Notice: Undefined index: geslo in C:\xampp\htdocs\index.php on line 10 Notice: Undefined index: geslo2 in C:\xampp\htdocs\index.php on line 11 Notice: Undefined index: spol in C:\xampp\htdocs\index.php on line 12 Warning: strcmp() expects exactly 2 parameters, 5 given in C:\xampp\htdocs\index.php on line 24 Registered Successfully! ` – Hartman Mar 14 '17 at 20:10
  • @JayBlanchard When I refresh the site it automatically inserts a new user id into the database, and I'm not inserting anything. – Hartman Mar 14 '17 at 20:12
  • Change `…` to `…`. Is your PHP in the same file as your HTML? – Jay Blanchard Mar 14 '17 at 20:13
  • Have you checked your error logs? You're making an assumption the query is working. Add error reporting to the top of your file(s) right after your opening `…` – Jay Blanchard Mar 14 '17 at 20:14
  • @JayBlanchard I did, and it's still inserting into the database after refreshing the site. It is. – Hartman Mar 14 '17 at 20:15
  • @JayBlanchard `Notice: Undefined index: uporabnik in C:\xampp\htdocs\index.php on line 10 Notice: Undefined index: email in C:\xampp\htdocs\index.php on line 11 Notice: Undefined index: geslo in C:\xampp\htdocs\index.php on line 12 Notice: Undefined index: geslo2 in C:\xampp\htdocs\index.php on line 13 Notice: Undefined index: spol in C:\xampp\htdocs\index.php on line 14 Warning: strcmp() expects exactly 2 parameters, 5 given in C:\xampp\htdocs\index.php on line 25` – Hartman Mar 14 '17 at 20:16
  • Your variables are not getting set. – Jay Blanchard Mar 14 '17 at 20:16
  • @JayBlanchard So I have to add an array before the variables, or? – Hartman Mar 14 '17 at 20:20
  • Add a `print_r($_POST);` at the top of the PHP before your `if` condition to make sure you're getting the variables after you click the submit button. Post the results here. – Jay Blanchard Mar 14 '17 at 20:24
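The comments above point at four separate defects in the handler: the stray `;` after the `if` (so the body runs on every page load, including a refresh), the five-argument `strcmp()`, the raw interpolation of form input into the `INSERT`, and the plain-text password. The following is an added example of the same handler with those fixed, not the asker's code or an answer from the thread. It assumes PHP 7 or newer, that `dbconnect.php` defines `$conn` as a `mysqli` connection, that the file is `index.php` as in the error output, and the `uporabniki` table columns named in the question.

```php
<?php
// Added example (not the asker's code): hardened version of the registration handler.
// Assumes dbconnect.php defines $conn (mysqli) and table uporabniki(uporabnik, email, geslo, spol).
include("dbconnect.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors instead of failing silently

$msg = '';
// Run only on a real submit. The original `if (!isset(...));` ran its block on every
// request, which is why a plain refresh inserted an empty row.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['registracija'])) {
    $uporabnik = trim($_POST['uporabnik'] ?? '');
    $email     = trim($_POST['email'] ?? '');
    $geslo     = $_POST['geslo'] ?? '';   // never trim, escape or otherwise alter a password before hashing
    $geslo2    = $_POST['geslo2'] ?? '';
    $spol      = $_POST['spol'] ?? '';

    // Server-side validation; the HTML `required` attribute is only a convenience for the browser.
    if ($uporabnik === '' || strlen($uporabnik) > 50) {
        $msg = 'neveljavno uporabniško ime';             // invalid username
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $msg = 'neveljaven email';                       // invalid email
    } elseif (!in_array($spol, ['moški', 'ženska'], true)) {
        $msg = 'neveljaven spol';                        // gender must be one of the form's own values
    } elseif ($geslo !== $geslo2) {                      // strict string comparison, not strcmp() with 5 args
        $msg = 'gesli se ne ujemata';                    // passwords do not match
    } elseif (strlen($geslo) < 8) {
        $msg = 'geslo je prekratko';                     // password too short
    } else {
        // Store only a salted hash; password_hash() chooses the algorithm and generates the salt.
        $hash = password_hash($geslo, PASSWORD_DEFAULT);

        // Prepared statement: the values travel as bound parameters, never spliced into the SQL text.
        $stmt = $conn->prepare(
            "INSERT INTO uporabniki (uporabnik, email, geslo, spol) VALUES (?, ?, ?, ?)"
        );
        $stmt->bind_param('ssss', $uporabnik, $email, $hash, $spol);
        $stmt->execute();
        $stmt->close();

        // Post/Redirect/Get: after this, a refresh re-requests the GET page, not the POST.
        header('Location: index.php?registered=1');
        exit;
    }
}
```

In the form, print the message as `<?php echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'); ?>` rather than echoing it raw, and verify logins later with `password_verify()` against the stored hash.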

0 Answers