PHP code is getting executes before the form is submitted

Question

<?php
function log_page(){
    print_r($_POST);
    //connection variables
$host = 'localhost';
$user = 'root';
$password = '';
$db = 'firstwebsite';

//create mysql connection
$mysqli = mysqli_connect($host,$user,$password);
if(!$mysqli){
    echo " connection";
}
else{
    echo "no connection";
}
$select = mysqli_select_db( $mysqli, $db);

    $_SESSION['message']='';

    if (isset($_POST['register'])) { 
    if ($_POST['password'] == $_POST['confirmpassword']) 
    {
        $$username = $mysqli->real_escape_string($_POST['username']);
        $email = $mysqli->real_escape_string($_POST['email']);
        $password = md5($_POST['password']);

        echo $username . " " . $email . " " . $password;
    }
    }
?>
<link rel="stylesheet" href="log_style.css" type="text/css">
<div class="body-content">
  <div class="module">
    <h1>Create an account</h1>
    <form class="form" action="log_page.php" method="post" autocomplete="off">
      <input type="text" placeholder="User Name" name="username" required />
      <input type="email" placeholder="Email" name="email" required />
      <input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
      <input type="password" placeholder="Confirm Password" name="confirmpassword" autocomplete="new-password" required />
      <input type="submit" value="Register" name="register" class="btn btn-block btn-primary" />
      <input type="submit" value="Already registered? Sign in" name="register2" class="btn btn-block btn-primary" />
    </form>
  </div>
</div>
<?php
}
?>

my code is not printing anything when i ask for echoing username and email and password. it is not entering the $_POST['register'] if statement. I think the php code is executed before the form values getting executed

if that's your full code, there's a missing `` tag and an input for the `confirmpassword` POST array. — Funk Forty Niner, Jul 28 '17 at 17:43
the error is that the if statement if ($_SERVER["REQUEST_METHOD"] == "POST") is not entered — Deema, Jul 28 '17 at 17:50
***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jul 28 '17 at 18:42

Slavez · Answer 1 · 2017-07-28T17:57:09.880

0

Do not use same names in a form. Also you don't need enctype="multipart/form-data" if you are not uploading file in your form.

<form class="form" action="log_page.php" method="post"  autocomplete="off">
              <input type="text" placeholder="User Name" name="username" required />
              <input type="email" placeholder="Email" name="email" required />
              <input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
    <input type="password" placeholder="Confirm Password" name="confirmpassword" autocomplete="new-password" required />
          <input type="submit" value="Register" name="register" class="btn btn-block btn-primary" />
          <input type="submit" value="Already registered? Sign in" name="register2" class="btn btn-block btn-primary" />
</form>

Note that this should be in your log_page.php;

if ($_POST['register']) { 
    if ($_POST['password'] == $_POST['confirmpassword']) 
    {
        $username = $mysqli->real_escape_string($_POST['username']);
        $email = $mysqli->real_escape_string($_POST['email']);
        $password = md5($_POST['password']);

echo $username . " " . $email . " " . $password; //test purpose
    }
}

edited Jul 28 '17 at 17:57

answered Jul 28 '17 at 17:46

Slavez

229
2
3
12

thank you but it is still not working Notice: Undefined index: register in C:\xampp\htdocs\test2\log_page.php on line 8 this is the error – Deema Jul 28 '17 at 18:00
It's not an error, just a reminder. If you try to input some values in your form, with same password 1 and password 2, and just hit the register button, it will work. – Slavez Jul 28 '17 at 18:02
but should it echo the name and email and password as you suggested? because it is not printing anything – Deema Jul 28 '17 at 18:06
Note that mysqli->real_escape_string() needs an active database connection to work. If there is no connection to DB, you cannot use them and it'd be the reason to fail. – Slavez Jul 28 '17 at 18:10
Just remove escape functions and type plain $_POST['username'] and $_POST['email'] and see they will work I guess. – Slavez Jul 28 '17 at 18:12

PHP code is getting executes before the form is submitted

1 Answers1