
Hi :) Basically I am struggling with the same problem as this boy over here: PHP Sign-up Form Not Working - I think we were going through the same YouTube tutorial :D

Unfortunately I could not comment on this topic, that is why I am opening a new one. The thing is that my signup.php should be correct (at least the inputs, right?), but I am very likely to overlook things:

The signup.php file:

```php
<?php
include_once 'header.php';
?>

<section class="main-container">
  <div class="main-wrapper">
    <h2>Sign up</h2>
    <form class="signup-form" action="includes/signup.inc.php" method="POST">
      <input type="text" name="first" placeholder="Firstname">
      <input type="text" name="last" placeholder="Lastname">
      <input type="text" name="email" placeholder="E-Mail">
      <input type="text" name="uid" placeholder="Username">
      <input type="password" name="pwd" placeholder="Password">
      <button type="submit" name="submit">Sign up</button>
    </form>
  </div>
</section>

<?php
include_once 'footer.php';
?>
```

When I type in information, it keeps showing me signup.php?signup=empty.

```php
<?php
if (isset($_POST['submit'])) {
  include_once 'dbh.inc.php';

  $first = mysqli_real_escape_string($conn, $_POST['first']);
  $last = mysqli_real_escape_string($conn, $_POST['last']);
  $email = mysqli_real_escape_string($conn, $_POST['email']);
  $uid = mysqli_real_escape_string($conn, $_POST['uid']);
  $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

  // Error handlers
  // Check for empty fields
  if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
    header("Location: ../signup.php?signup=empty");
    exit();
  }
  else {
    // Check if input characters are valid
    if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
      header("Location: ../signup.php?signup=invalid");
      exit();
    }
    else {
      // Check if e-mail is valid
      if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../signup.php?signup=email");
        exit();
      }
      else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);

        if ($resultCheck > 0) {
          header("Location: ../signup.php?signup=usertaken");
          exit();
        }
        else {
          // Hashing the password (encrypting)...
          $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
          // Insert the user into the database
          $sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
          mysqli_query($conn, $sql);
          header("Location: ../signup.php?signup=success");
          exit();
        }
      }
    }
  }
}
else {
  header("Location: ../signup.php");
  exit();
}
```

Thank you very much in advance for any hint on this. Best, Chris

Update:

When adding the following to the code:

```php
exit(var_dump(empty($first), empty($last), empty($email), empty($uid), empty($pwd)));
```

it returns

```
bool(true) bool(true) bool(true) bool(true) bool(true)
```

  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs – RiggsFolly May 19 '18 at 16:55
  • Possible duplicate of [PHP Sign-up Form Not Working](https://stackoverflow.com/questions/47242887/php-sign-up-form-not-working) – Ethiraj May 19 '18 at 16:59
  • Hi! Thank you very much for your answer, I should have mentioned that I know about this issue and the only reason why I did it this way is because I wanted to follow along with the tutorial, as it will be overwritten in the tutorial as well at a later point to prepared statements. – Christian Achleitner May 19 '18 at 17:01
  • Sorry Ethiraj but did you even read the first line of this post? Thx – Christian Achleitner May 19 '18 at 17:02
  • Instead of `header` do `exit(var_dump(empty($first), empty($last), empty($email), empty($uid), empty($pwd)));` Then see which one is actually empty. I also would use parameterized queries rather than the escaping. With the current implementation you will need to escape before hashing on every usage of the passwords. – user3783243 May 19 '18 at 17:09
  • Thank you user3783243 for your response. `bool(true) bool(true) bool(true) bool(true) bool(true)` is what returns. As I mentioned, I am doing this for practice purposes. It returns a boolean with the data true, right? And this for five times. Can I assume that this means each of the five input fields is empty? (I filled in all of them before pressing sign in). But what does this mean for me now? How can I figure out why those fields are empty, even though I did fill in everything. Thank you in advance. – Christian Achleitner May 19 '18 at 21:12
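
The prepared-statement approach recommended in the comments above, as an added example that is not part of the original question or its comments: it reads the raw input instead of escaping it, binds every value through placeholders, and hashes the password exactly as typed. It uses PDO with an in-memory SQLite database as a stand-in for the page's MySQL `users` table so that it runs on its own; the `signup()` helper, the `user_id` column and the sample values are assumptions.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY,
    user_first TEXT, user_last TEXT, user_email TEXT,
    user_uid TEXT UNIQUE, user_pwd TEXT)');

// Hypothetical helper: returns the same status words the page's redirects use.
function signup(PDO $pdo, array $post): string
{
    foreach (['first', 'last', 'email', 'uid', 'pwd'] as $f) {
        // Raw input is checked directly, so this test does not depend on the connection.
        if (!isset($post[$f]) || $post[$f] === '') {
            return 'empty';
        }
    }
    // Same letters-only rule as the page applies to first and last name.
    if (!preg_match('/^[a-zA-Z]*$/', $post['first']) || !preg_match('/^[a-zA-Z]*$/', $post['last'])) {
        return 'invalid';
    }
    if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        return 'email';
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE user_uid = ?');
    $check->execute([$post['uid']]);
    if ($check->fetchColumn() !== false) {
        return 'usertaken';
    }
    // Hash the password exactly as typed, never an escaped copy of it.
    $hash = password_hash($post['pwd'], PASSWORD_DEFAULT);
    $insert = $pdo->prepare(
        'INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES (?, ?, ?, ?, ?)'
    );
    $insert->execute([$post['first'], $post['last'], $post['email'], $post['uid'], $hash]);
    return 'success';
}

// Constructed sample input: the quotes in uid and pwd are stored and hashed as plain data.
$sample = ['first' => 'Chris', 'last' => 'Doe', 'email' => 'chris@example.com',
           'uid' => "o'brien", 'pwd' => "it's\"secret"];
echo signup($pdo, $sample), "\n";   // first submission
echo signup($pdo, $sample), "\n";   // same username submitted again
$row = $pdo->query('SELECT user_uid, user_pwd FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['user_uid'] === $sample['uid']);
var_dump(password_verify($sample['pwd'], $row['user_pwd']));
```

With the page's MySQL database, only the PDO DSN and credentials change; the `prepare` and `execute` calls stay the same.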
