
I am building this PHP login system to work on my skills. When the user signs up and their information is secured in the SQL database, I want to display signup.php?signup=success on top of my screen. When the user types in the information and something seems to be missing, I want it to display signup.php?signup=empty.

However, on my current page, even when I type in information, it keeps on displaying signup.php?signup=empty. I know that my database is working for sure though...

Here is my PHP code for my signup.inc.php (included in an includes folder):

```php
<?php

if (isset($_POST['submit'])) {

    include_once 'dbh.php';

    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //Error handlers
    //Check for empty fields
    if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
        header("Location: ../signup.php?signup=empty");
        exit();
    } else {
        //Check if input characters are valid
        if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check if email is valid
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {
                $sql = "SELECT * FROM users WHERE user_uid='$uid'";
                $result = mysqli_query($conn, $sql);
                $resultCheck = mysqli_num_rows($result);

                if ($resultCheck > 0) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } else {
                    //Hashing the password
                    $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
                    //Insert the user into the database
                    $sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
                    mysqli_query($conn, $sql);
                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }
    }

} else {
    header("Location: ../signup.php");
    exit();
}
```

Here is my signup.php form (I included header.php that has the database):

```php
<?php

  include 'header.php';

?>

    <section class="main-container">
      <div class="main-wrapper">
         <h2>Signup</h2>
         <form class="signup-form" action="includes/signup.inc.php" method="POST">
           <input type="text" name="first" placeholder="First Name">
           <input type="text" name="last" placeholder="Last Name">
           <input type="text" name="email" placeholder="Email">
           <input type="text" name="uid" placeholder="Username">
           <input type="password" name="password" placeholder="password">
           <button type="submit" name="submit">Sign Up</button>
         </form>
      </div>
    </section>

    <?php

    include 'footer.php';

    ?>
```

What am I doing wrong here?

I appreciate all responses.

  • I'd caution against assuming everyone's names are just alpha characters -- I know plenty of people with apostrophes in their names, and some cultures need to use the `!` to dictate certain sounds, which may be a part of someone's name. Sanitize them, definitely, but assume that someone knows how to spell their own name. – Jhecht Nov 11 '17 at 21:23

1 Answer


Simply change:

```html
<input type="password" name="password" placeholder="password">
```

To:

```html
<input type="password" name="pwd" placeholder="password">
```

Because in your PHP you are using the index pwd, not password, while from your HTML you are sending password, not pwd.

mega6382
  • In addition to this fine answer... a slight note: using the element named `button` is not exactly proper for a `submit` (sometimes the post arg of 'submit' may or may not be sent!). It's more compatible to use ``. (edited) – IncredibleHat Nov 11 '17 at 21:24
  • [According to MDN it seems that using a button as a submit is just fine](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/button) – Jhecht Nov 11 '17 at 21:26
  • I'm unsure of other browsers, but I know Chrome will show "submit" without a value specified. – Jhecht Nov 11 '17 at 21:28
  • To expand on what I researched about this, because I do remember for a long time the general consensus was "don't use buttons as submits" but the main reason for that was IE6 was... well IE6. If someone is still using IE6, I don't think we should worry about what has to be a small user base – Jhecht Nov 11 '17 at 21:30
  • I guess it's just the oldschool in me... whenever there is something that comes up as 'unpredictable behavior cross browsers'... I tend to lean towards the side of caution and use the more tried and true methods. The issue with using `button` as a `submit` is that in PHP, checking if that button name exists in `$_POST` depended on if the `button` element had a `value`, or if it was used by JavaScript to submit the form (thus being excluded). ANYHOW, thus why I thought to mention it. (I can clear all my comments if you'd like) – IncredibleHat Nov 11 '17 at 21:35
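
As an added example (not part of the original question, answer or comments): a handler-side check that separates fields the browser never sent, such as the `password` vs `pwd` name mismatch in the answer, from fields sent blank, and that gates on the request method instead of the `submit` key discussed in the comments. The function name `classifySignup`, the status labels and the sample values are assumptions made for illustration.

```php
<?php
// Added example. Field names mirror the form in the question, with the
// password input named "pwd" as the answer suggests.
const REQUIRED_FIELDS = ['first', 'last', 'email', 'uid', 'pwd'];

// Returns [status, detail]:
//   'missing' - keys never sent (form/handler name mismatch); log server-side
//   'empty'   - keys sent with a blank value (user left the field blank)
//   'ok'      - values ready for validation; password left byte-for-byte
function classifySignup(string $method, array $post): array
{
    // Gate on the request method, not on a 'submit' key a client may omit.
    if ($method !== 'POST') {
        return ['not_post', []];
    }
    $missing = array_values(array_diff(REQUIRED_FIELDS, array_keys($post)));
    if ($missing !== []) {
        return ['missing', $missing];
    }
    $empty = [];
    $clean = [];
    foreach (REQUIRED_FIELDS as $name) {
        $value = $post[$name];
        if (!is_string($value)) {        // e.g. first[]=x arrives as an array
            $empty[] = $name;
            continue;
        }
        // Never trim or escape the password: hash exactly what was typed.
        // Compare with '' because empty("0") is true in PHP.
        $clean[$name] = ($name === 'pwd') ? $value : trim($value);
        if ($clean[$name] === '') {
            $empty[] = $name;
        }
    }
    return $empty !== [] ? ['empty', $empty] : ['ok', $clean];
}

// Constructed sample input: what the form in the question actually posts.
$asPosted = ['first' => 'Ada', 'last' => 'Lovelace', 'email' => 'ada@example.com',
             'uid' => 'ada', 'password' => 'hunter2', 'submit' => ''];
[$status, $detail] = classifySignup('POST', $asPosted);
echo $status, ': ', implode(',', $detail), PHP_EOL;

// Same request after renaming the input to "pwd".
$fixed = array_diff_key($asPosted, ['password' => 0]) + ['pwd' => 'hunter2'];
[$status, $detail] = classifySignup('POST', $fixed);
echo $status, ': ', implode(',', array_keys($detail)), PHP_EOL;
```

Redirecting with a distinct status for `missing` (or logging it) makes a name mismatch show up as a developer error rather than being reported to the user as an empty field.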