-4

I see some php course then I learn mostly by practical way so my question is very newbie , I didn't understand why this code don't work solution for duplicate username while registre , and every time i receive probleme with header 

function signup($conn) {

    $uid = $_POST['uid'];
    $pwd = $_POST['pwd'];



    if (isset($_POST['signupSubmit'])) {



        $query = mysql_query("select * from user where uid='$uid'");
        $encrypted_password = password_hash($pwd, PASSWORD_DEFAULT);
        if(mysql_num_rows(query)>0)
        {
             echo "<script> window.location.replace('test.php') </script>" ;

        }

        else {

        $sql = "insert into usi (uid, pwd)  values('$uid','$encrypted_password')";

        $result = $conn->query($sql);
        header("Location: test.php");




    }

}

}
bawbawbabasaw
  • 1
  • [**Please don't use `mysql_*` functions in new code**](//stackoverflow.com/q/12859942)! They are no longer maintained [and are officially deprecated](//wiki.php.net/rfc/mysql_deprecation). See the [**red box**](//php.net/manual/function.mysql-connect.php)? Learn about [*prepared statements*](//en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](//php.net/pdo) or [MySQLi](//php.net/mysqli) - [this article](//php.net/manual/mysqlinfo.api.choosing.php) can help you choose. If you go with PDO, [here is a good tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). – Siguza Apr 29 '17 at 16:02
  • See http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php for the header problems. – Barmar Apr 29 '17 at 16:04
  • You redirect to the same `test.php` script in both cases. – Barmar Apr 29 '17 at 16:05
  • @Barmar yes but the two don't work the system don't show error when I write the same username – bawbawbabasaw Apr 29 '17 at 16:08
  • There's nothing in your code that displays an error when the you have the same username. – Barmar Apr 29 '17 at 16:11
  • @Siguza thanks for advice you know a good alternative with my sqli for mysql_num_rows – bawbawbabasaw Apr 29 '17 at 16:13
  • @Barmar i mean this statement don't work even when I echo something : ; if(mysql_num_rows(query)>0) { echo "" ; } – bawbawbabasaw Apr 29 '17 at 16:17
  • You're missing a `$`. `mysql_num_rows(query)` should be `mysql_num_rows($query)` – Barmar Apr 29 '17 at 16:22
  • You should also stop using the `mysql_XXX` functions. They have been obsolete for years. Since you're just starting out, you should learn the proper way to use `mysqli` or `PDO`, and use prepared statements. – Barmar Apr 29 '17 at 16:23
  • @bawbawbabasaw [`mysqli_num_rows`](https://secure.php.net/manual/en/mysqli-result.num-rows.php)? – Siguza Apr 29 '17 at 16:30

1 Answers1

0

this:

$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
if (isset($_POST['signupSubmit'])) {

should be:

 if (isset($_POST['signupSubmit'])) {
     $uid = $_POST['uid'];
     $pwd = $_POST['pwd'];

i don't have solution for mysql_ but here is PDO example i made, hope it helps

$dbhost = "localhost";
$dbname = "database";
$mysqlusr = "root";
$mysqlpass = "";

try {
    $db = new PDO("mysql:host={$dbhost};dbname={$dbname}", $mysqlusr, $mysqlpass);
    $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
    } 
    catch (PDOException $e){
        echo $e->getMessage();
    }

if(isset($_POST['signupSubmit'])){
    $uid = $_POST['uid'];
    $pwd = $_POST['pwd'];

    $encrypted_password = password_hash($pwd, PASSWORD_DEFAULT);

    try {
        $sql = "SELECT uid FROM user WHERE uid=:uid";           
        $statement = $db->prepare($sql);
        $statement->bindParam(':uid', $uid, PDO::PARAM_STR);
        $statement->execute();
        $result = $statement->fetch(PDO::FETCH_ASSOC);

        if (empty($result)) {
            try { 
                $sql = "INSERT INTO user (uid, pwd) VALUES (:uid, :pwd)";
                $statement = $db->prepare($sql);
                $statement->bindParam(':uid', $uid, PDO::PARAM_STR);
                $statement->bindParam(':pwd', $encrypted_password, PDO::PARAM_STR);
                $statement->execute();

                echo "new user registered";
             }
            catch (PDOException $e){
                echo $e->getMessage();
            }
        }
            else {

                echo "username already exists";
            }
    }
    catch (PDOException $e){
        echo $e->getMessage();
    }
}
Adnan
  • 101
  • 2
  • 10