-1

I have a form that gets data from the users, after keying in data, they're not being attained. I'm not sure where's the problem.

//Signup page 
<h2>SignUp</h2>

    <form class="signup-form" action="Cons/signup.conn.php" method="POST">

    <input type="text" name="firstName" placeholder="Name">
    <input type="password" name="userPassword" placeholder="Password">

    <button type ="submit" name = "submit" >Sign Up</button>
    </form>

after i key in the data, I get stuck on the first validation, which calls the "header("Location: ../signup.php?signup=Empty");"

//belongs to signup.conn.php ( where the process is done) 
<?php

    if (isset($_POST['submit'])) {
    include_once 'dbh-conn.php';

    $first = mysqli_real_escape_string($conn, $_POST['firstName']);
    $pw = mysqli_real_escape_string($conn, $_POST['userPassword']);

// ERROR handlers
// Check for EMPTY Fields;

if (empty($first) || empty($pwd)) {
    header("Location: ../signup.php?signup=Empty");
    exit();
 } else { 
      //does other validations
      if
 //Once everything is confirmed
 } else {
          // Hashing the password
                $hashedPwd = password_hash($pw, PASSWORD_DEFAULT);
                // insert Users into DB
                $sql = "INSERT INTO users (user_firstName,user_userPassword) 
                VALUES ('$first','$hashedPwd');";
                // ////////////////////////
                mysqli_query($conn, $sql);
                header("Location: ../signup.php?signup=success");
                exit();
            }
        }
    }
}
    header("Location: ../signup.php");
    exit();
}
?>
Minial
  • 321
  • 2
  • 17
  • 3
    `$pw`! = `$pwd`, you check for a variable that isn't set. – Qirel Aug 30 '17 at 09:57
  • You should also use prepared statements instead of injecting variables directly into the queries. `mysqli_*` offers `prepare()` and `bind_param()` methods you should have a look at. – Qirel Aug 30 '17 at 10:05
  • Side note: You don't need `mysqli_real_escape_string()` for the password, nor should you. – Funk Forty Niner Aug 30 '17 at 10:10
  • I know at the moment PDO right now is the more preferred choice, but I have yet any knowledge regarding that. – Minial Aug 30 '17 at 10:20

1 Answers1

4

The line

if (empty($first) || empty($pwd)) {

Should be

if (empty($first) || empty($pw)) {
kinggs
  • 1,162
  • 2
  • 10
  • 25