-4

I want to make a user authentication script. Here, if the user wants to sign up, he/she will have to fill in the registration form and click "Sign up".

PHP

<?php 
$usrnm=$_POST["userName"];
$email=$_POST["mailID"];
$pwd=$_POST["Password"];
$firstName=$_POST["firstName"];
$lastName=$_POST["lastName"];
$confpwd=$_POST["ConfirmPassword"];
 if ($pwd == $confpwd)
{
if (!$con = @mysql_connect("localhost", "root","","login"))
{
echo "connection unsuccessful\n";
}
if (!$selectdb = mysql_select_db("login",$con))
{
echo "database selection unsuccessful\n";
}
$sql = "SELECT userName FROM userdetails WHERE userName='$usrnm'";
$sql2 = "INSERT INTO userdetails (userName, Password,mailID, firstName, 
lastName) VALUES ('$usrnm','$pwd','$email','$firstName','$lastName')";
$retval = mysql_query( $sql, $con );
while($row = mysql_fetch_row($retval))
{

If the number of fields is more than 0, this means that the Username is already present in the database and ELSE add the information to the database. My problem is, the ELSE condition is not working and IF is working. I even tried using ISSET but still no luck.

$fields=mysql_num_fields($retval);
if ($fields>0)
{echo "Username already exists";}
else
{$retval2 = mysql_query( $sql2, $con );
echo "Information added";
}
}
}
}
else
{
echo "Opps...";
}
mysql_close($con);
?>
Quentin
  • Comments about using `mysql()` incoming.... You should definitely use `mysqli()` or `PDO`. Also, validate your inputs. – TripleDeal Jun 23 '17 at 07:27
  • 5
    You're using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php) and are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) against. You're using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and should [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of passwords. – Quentin Jun 23 '17 at 07:28
  • 2
    Please work on your indentation, this code is virtually unreadable. – deceze Jun 23 '17 at 07:28
  • If you are just learning PHP make sure you refer to reliable and up-to-date resources. The code you've written is out of date (using `mysql_*`) and there are bad practices implemented (using `@` to suppress warnings/errors instead of showing them). Among other things. – apokryfos Jun 23 '17 at 07:48

2 Answers

0

You had 1 extra curly bracket close to your else statement.

Here's a cleaned up version of your code:

if ($pwd == $confpwd){
    if (!$con = @mysql_connect("localhost", "root","","login")){
        echo "connection unsuccessful\n";
    }
    if (!$selectdb = mysql_select_db("login",$con)){
        echo "database selection unsuccessful\n";
    }
    $sql = "SELECT userName FROM userdetails WHERE userName='$usrnm'";
    $sql2 = "INSERT INTO userdetails (userName, Password,mailID, firstName, lastName) VALUES ('$usrnm','$pwd','$email','$firstName','$lastName')";
    $retval = mysql_query( $sql, $con );
    while($row = mysql_fetch_row($retval)){
        $fields=mysql_num_fields($retval);

        if ($fields>0){
            echo "Username already exists";
        } else {
            $retval2 = mysql_query( $sql2, $con );
            echo "Information added";
        }
    }
} else {
    echo "Opps...";
}
mysql_close($con);

I haven't tested it nor do I want to do that, because you seriously need to use either mysqli() or PDO() and you should definitely validate the user inputs.

TripleDeal
  • @Quentin Thanks for the information. This is the first time I am making a database and search and retrieval tool for the same. Also my main problem is that the queries are running independently totally fine but in the script where, if the username is not already present, it should add the information via ELSE. But this still isn't happening. (First time using Stackoverflow) – Krushna Sonar Jun 23 '17 at 11:37
  • Thanks for the information. This is the first time I am making a database and search and retrieval tool for the same. Also my main problem is that the queries are running independently totally fine but in the script where, if the username is not already present, it should add the information via ELSE. But this still isn't happening. PS. using stackoverflow for the first time – Krushna Sonar Jun 23 '17 at 11:37
  • @deceze I am using stackoverflow for the first time. My code is already indented but while copying and keeping "4 space before" each line it got messed up. – Krushna Sonar Jun 23 '17 at 11:39
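
Added example (not code from the question or either answer): in the posted script the `else` can never run, because the `while` body only executes when the SELECT returned a row, and `mysql_num_fields()` counts the columns of the result, which is always 1 here. The sketch below checks for a returned row instead and applies what the comments ask for: PDO prepared statements, input validation and `password_hash()`. The function name `register`, the in-memory SQLite database standing in for MySQL, and the UNIQUE constraint are assumptions.

```php
<?php
// Added example, not the asker's code. register() is a hypothetical helper.
function register(PDO $pdo, array $in): string
{
    foreach (['userName', 'mailID', 'Password', 'ConfirmPassword', 'firstName', 'lastName'] as $k) {
        if (!isset($in[$k]) || !is_string($in[$k]) || trim($in[$k]) === '') {
            return "Missing field: $k";
        }
    }
    if (filter_var($in['mailID'], FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid e-mail address';
    }
    if ($in['Password'] !== $in['ConfirmPassword']) {
        return 'Passwords do not match';
    }
    // Existence check: did a row come back? (mysql_num_fields counts columns.)
    $check = $pdo->prepare('SELECT 1 FROM userdetails WHERE userName = ?');
    $check->execute([$in['userName']]);
    if ($check->fetchColumn() !== false) {
        return 'Username already exists';
    }
    $insert = $pdo->prepare('INSERT INTO userdetails
        (userName, Password, mailID, firstName, lastName) VALUES (?, ?, ?, ?, ?)');
    try {
        // Store a salted hash, never the submitted password itself.
        $insert->execute([$in['userName'], password_hash($in['Password'], PASSWORD_DEFAULT),
            $in['mailID'], $in['firstName'], $in['lastName']]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {
            throw $e; // not an integrity-constraint violation
        }
        return 'Username already exists'; // lost a race to a concurrent sign-up
    }
    return 'Information added';
}

// Constructed demo: in-memory SQLite stands in for the MySQL "login" database;
// the UNIQUE constraint is an assumption, the page never shows the schema.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE userdetails (userName TEXT UNIQUE, Password TEXT,
    mailID TEXT, firstName TEXT, lastName TEXT)');
$form = ['userName' => "o'brien", 'mailID' => 'ob@example.com', 'Password' => 'pw-1234',
    'ConfirmPassword' => 'pw-1234', 'firstName' => 'Pat', 'lastName' => "O'Brien"];
echo register($pdo, $form), "\n"; // first sign-up with this username
echo register($pdo, $form), "\n"; // same username submitted again
```

Against MySQL only the connection changes: a DSN such as `mysql:host=localhost;dbname=login;charset=utf8mb4` plus real credentials; the prepared statements stay the same.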
0

I guess the way you have written the queries is also wrong. You are using string variables, so follow the format below to write queries.

$sql = "SELECT userName FROM userdetails WHERE userName='".$usrnm."'";

$sql2 = "INSERT INTO userdetails (userName, Password,mailID, firstName, lastName) VALUES('".$usrnm."','".$pwd."','".$email."','".$firstName."','".$lastName."')";

Also, you have used an extra closing bracket after the else statement. Please remove that.

Chandan Purbia
  • Hi Chandan, my queries individually are working but near the ELSE where the second query (INSERT) should run, nothing is happening: it is not saying that the information is added, nor is it getting added in the database. – Krushna Sonar Jun 23 '17 at 11:41
  • Can you share your schema in the question, so that I could simulate the code on my machine? – Chandan Purbia Jun 23 '17 at 12:26
  • Hi, thanks for the help. I am sorry, I was trying to search for an option to upload documents. So I have shared my CSV data, I hope it ain't too much for you. Lemme know if I can attach the file. 1 Amit amit123 amit@tmp.com amit l1 2 Shrini shrini123 shrini@tmp.com shrini l2 3 David david123 david@tmp.com david l3 4 Joe joe123 joe@tmp.com joe l4 5 Dane dane123 dane@tmp.com dane l5 6 Taylor taylor123 taylor@tmp.com taylor l6 – Krushna Sonar Jun 25 '17 at 15:01