0

I know little about coding. This relates to a registration form I am creating. I have created the form, and it is adding the form to the database. But I want it to display the result, for example 'Passwords not matching, please try again', on top of the form. How do I get that? Thanks in advance.

Here is my code:

<?php

$conn = mysqli_connect("localhost","root","");
if(! $conn ) {
      die('Could not connect: ' . mysqli_connect_error());
   }
mysqli_select_db($conn, 'registration');


    if(isset($_POST['submitbutton'])){

        if ($_POST['password'] == $_POST['confirm_password']) {
            $email = mysqli_real_escape_string($conn, $_POST['email']);
            $password = mysqli_real_escape_string($conn, $_POST['password']);
            $gender = mysqli_real_escape_string($conn, $_POST['gender']);
            $fname = mysqli_real_escape_string($conn, $_POST['fname']);
            $lname = mysqli_real_escape_string($conn, $_POST['lname']);
            $firm = mysqli_real_escape_string($conn, $_POST['firm']);

            $check_email_exists = mysqli_query($conn, "SELECT email FROM users WHERE email = '$email'");
            $count = mysqli_num_rows($check_email_exists);
            if ($count == 0) {
                $sql = "INSERT INTO users(email, password, gender, fname, lname, firm) VALUES('$email', '$password', '$gender', '$fname', '$lname', '$firm')";

                if(mysqli_query($conn, $sql)){
                    echo "Records added successfully.";
                } else{
                    echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
                }

                // close connection
                mysqli_close($conn);
            } else {
                die('Email exists, Please use a different email');
            }
        }
        else {
            die('Passwords not matching, please try again');
        }
    }

And here is my HTML:

<div class="registration-container">
    <div class="registrationpage-heading">
        <h2>Kostenlos und ohne Installation testen</h2>
        <p>Nutzen Sie den kostenlosen Funktionumfang von bmgenerator zeitlich uneingeschränkt. Weder Bankdaten noch Kreditkarte notwendig.</p>
    </div>

    <div class="user-login">
        <form class="login-form" action="user_login.php" method="post">
            <input required type="email" name="email" id="user_email" style="color:#888" size="35" value="E-mail" 
            onfocus="if(this.value==this.defaultValue)this.value=''"    
            onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>

            <input required type="password" name="password" id="user_password" style="color:#888" size="35" placeholder="Passwort"
            onfocus="if(this.value==this.defaultValue)this.value=''"    
            onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>

            <input required type="password" name="confirm_password" id="user_confirm_password" style="color:#888" size="35" placeholder="Passwort wiederholen" 
            onfocus="if(this.value==this.defaultValue)this.value=''"    
            onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>

            <select name="gender">
            <option>Herr</option>
            <option>Frau </option>
            </select><br><br>

            <input required type="text" name="fname" id="user_firstname" style="color:#888" size="35" placeholder="Vorname" 
            onfocus="if(this.value==this.defaultValue)this.value=''"    
            onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>

            <input required type="text" name="lname" id="user_lastname" style="color:#888" size="35" placeholder="Nachname" 
            onfocus="if(this.value==this.defaultValue)this.value=''"    
            onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>

            <input required type="text" name="firm" id="user_companyname" style="color:#888" size="35" placeholder="Firmenname" 
            onfocus="if(this.value==this.defaultValue)this.value=''"    
            onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>

            <input type="submit" name="submitbutton" id="submit" value="Kostenlos registrieren">
        </form>
    </div>

    <div class="register-terms">
        <p>Mit der Registrierung stimmen Sie den Datenschutzbestimmungen und den AGB zu.</p>
    </div>
</div>
Sibi Kasim
  • What are your PHP and HTML files and where are they on your server? – SaidbakR Apr 03 '17 at 10:08
  • They are on the same page – Sibi Kasim Apr 03 '17 at 10:24
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 03 '17 at 12:18
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 03 '17 at 12:18

3 Answers

0

In the above scenario, submit the form to the page itself using

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">       

But make the registration HTML a PHP file

<?php    
   if(isset($_POST['submitbutton'])){
      //perform validation, display error if any    
   }    
?>    

If you want to go with a modular approach, then use a class with validate and register methods; after submit, include the class file and use its methods.

Aniket Muruskar
0

For each error message, make a variable `$message="Password not matching..."` and then after `<div class="user-login">` you can put:

<?php echo "<p>$message</p>"; ?>

Remember to create a blank `$message=""`. Hope it helps.

Memristor
  • not displaying on the top, still displaying on side – Sibi Kasim Apr 03 '17 at 10:25
  • @SibiKasim that's maybe due to the .css file. You can try to put the message after the `
    ` tag.
    – Memristor Apr 03 '17 at 10:52
  • Hi, Thanks for your quick help. I tried to use the reverse way. I was able to achieve it this way and then used CSS positioning to achieve the result. `?> – Sibi Kasim Apr 03 '17 at 11:43
0

First of all, it is not recommended to place the form and the processor on the same page, to avoid redundant inserts via refresh. However, in the processor section you have to use some means of redirect after every end of the process; in your code, `die()` and `echo` should be replaced with a redirect carrying a parameter for a pre-specified message. For instance, you have four ends in your processor, so your code should look like:

<?php

$conn = mysqli_connect("localhost","root","");
if(! $conn ) {
      die('Could not connect: ' . mysqli_connect_error());
   }
mysqli_select_db($conn, 'registration');


    if(isset($_POST['submitbutton'])){

        if ($_POST['password'] == $_POST['confirm_password']) {
            $email = mysqli_real_escape_string($conn, $_POST['email']);
            $password = mysqli_real_escape_string($conn, $_POST['password']);
            $gender = mysqli_real_escape_string($conn, $_POST['gender']);
            $fname = mysqli_real_escape_string($conn, $_POST['fname']);
            $lname = mysqli_real_escape_string($conn, $_POST['lname']);
            $firm = mysqli_real_escape_string($conn, $_POST['firm']);

            $check_email_exists = mysqli_query($conn, "SELECT email FROM users WHERE email = '$email'");
            $count = mysqli_num_rows($check_email_exists);
            if ($count == 0) {
                $sql = "INSERT INTO users(email, password, gender, fname, lname, firm) VALUES('$email', '$password', '$gender', '$fname', '$lname', '$firm')";

                if(mysqli_query($conn, $sql)){
                    header("Location: user_login.php?msg=1");
                    exit();
                } else{
                    header("Location: user_login.php?msg=2");
                    exit();
                }

                // close connection
                mysqli_close($conn);
            } else {
                header("Location: user_login.php?msg=3");
                exit();
            }
        }
        else {
            header("Location: user_login.php?msg=4");
            exit();
        }
    }

$msg = [
  "Records added successfully.",
   "SQL Error",
   "Email exists, Please use a different email",
   "Passwords not matching, please try again"
];

if (isset($_GET['msg']) && isset($msg[($_GET['msg']-1)])){
 $message = $msg[($_GET['msg']-1)];
}

// In your form
....
</div>
 <?php if (isset($message)): ?>
 <div class="message"><?=$message;?></div>
<?php endif; ?>
    <div class="user-login">
        <form class="login-form....
SaidbakR
  • Thanks so much.. That saved my day. :) – Sibi Kasim Apr 03 '17 at 12:12
  • @SibiKasim Never mind and don't forget to vote up the answer! :) – SaidbakR Apr 03 '17 at 12:13
  • If you post an answer without prepared statements [you may want to consider this before posting](http://meta.stackoverflow.com/q/344703/). Additionally [a more valuable answer comes from showing the OP the right method](https://meta.stackoverflow.com/a/290789/1011527). – Jay Blanchard Apr 03 '17 at 12:33
  • @JayBlanchard very good notice, however, I have concentrated on the requested point of the question more than any other points, at the end I am not debugging the code. – SaidbakR Apr 03 '17 at 12:36
  • @SaidbakR One doubt: when I upload the file online, the page is redirecting to a 404 error page. The web address bar shows 'l.com/home/ – Sibi Kasim Apr 04 '17 at 05:56
  • You have to define the URL at which the processor is found on the server. I could bet that on the local server everything is accessible via `http://localhost/...` while on the remote server it is in a subdirectory such as `http://example.com/apps/blah/...` – SaidbakR Apr 04 '17 at 06:36
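
The comments above ask for prepared statements and `password_hash()`. The following added example (not code from any post in this thread) combines both with the redirect-and-message pattern from the last answer. It assumes a UNIQUE index on `users.email` and a `password` column wide enough for a hash, neither of which the thread shows; the helper `redirect_with()` and the constant `MESSAGES` are names introduced here.

```php
<?php
// Added example, not code from the thread. Assumptions: users.email has a
// UNIQUE index and users.password is VARCHAR(255) so a hash fits.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

const MESSAGES = [
    1 => 'Records added successfully.',
    2 => 'SQL Error',
    3 => 'Email exists, Please use a different email',
    4 => 'Passwords not matching, please try again',
];

function redirect_with(int $code): void
{
    header('Location: user_login.php?msg=' . $code); // integer only, never user text
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submitbutton'])) {
    $in = [];
    foreach (['email', 'password', 'confirm_password', 'gender', 'fname', 'lname', 'firm'] as $k) {
        $in[$k] = is_string($_POST[$k] ?? null) ? $_POST[$k] : ''; // reject array inputs
    }
    // Strict comparison: with ==, numeric strings such as "1e3" and "1000" compare equal.
    if ($in['password'] !== $in['confirm_password']) {
        redirect_with(4);
    }
    // Hash the raw password; it is never escaped, trimmed or stored as plain text.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);
    try {
        $conn = new mysqli('localhost', 'root', '', 'registration');
        $stmt = $conn->prepare('INSERT INTO users (email, password, gender, fname, lname, firm)
                                VALUES (?, ?, ?, ?, ?, ?)');
        $stmt->bind_param('ssssss', $in['email'], $hash, $in['gender'],
                          $in['fname'], $in['lname'], $in['firm']);
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        // 1062 is MySQL's duplicate-key error: the UNIQUE index rejected the email.
        redirect_with($e->getCode() === 1062 ? 3 : 2);
    }
    redirect_with(1);
}

// Display side: accept only an integer that maps to a known message.
$code = filter_input(INPUT_GET, 'msg', FILTER_VALIDATE_INT);
$message = is_int($code) ? (MESSAGES[$code] ?? null) : null;
?>
<?php if ($message !== null): ?>
<div class="message"><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></div>
<?php endif; ?>
```

Letting the UNIQUE index reject duplicates replaces the separate SELECT-then-INSERT check, so two simultaneous registrations with the same email cannot both succeed. At login, the stored hash is checked with `password_verify()`.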