1

I am trying to create a sign up form for my website, but whenever I try and sing up I get the error code signup=empty. I can't seem to find the error. (I'm a beginner in PHP and mySQL)

signup.php:

<?php
include_once 'header.php';
?>

    <section class="main-container">
        <div class="main-wrapper">
            <h2>Sign Up</h2>
            <form class="Signup-form" action="includes/signup.inc.php" method="POST">
                <input type="text" name="first" placeholder="First Name">
                <input type="text" name="Last" placeholder="Last Name">
                <input type="text" name="email" placeholder="E-mail">
                <input type="text" name="uid" placeholder="Username">
                <input type="Password" name="pwd" placeholder="Password">
                <button type="submit" name="submit">Sign Up</button>
            </form>
        </div>  
    </section>

    <?php
    include_once 'footer.php';
?>

</body>
</html>

dbh.inc.php:

<?php

$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "loginsystem";

$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);

signup.inc.php:

<?php
#first if
if (isset($_POST['submit'])) {

    include_once 'dbh.inc.php';

    $first = mysqli_real_escape_string( $conn , $_POST['first']);
    $last = mysqli_real_escape_string( $conn , $_POST['last']);
    $email = mysqli_real_escape_string( $conn , $_POST['email']);
    $uid = mysqli_real_escape_string( $conn , $_POST['uid']);
    $pwd = mysqli_real_escape_string( $conn , $_POST['pwd']);

    //Error handelers
    //Check for empty field
    #second if
    if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
        header("Location: ../signup.php?signup=empty");
        exit();
    } /*second else*/ else{
        //Check if input character are valid
        # third if
        if (!preg_match("/^[a-zA-Z]*$/" , $first) || !preg_match("/^[a-zA-Z]*$/" , $last) ) {

            header("Location: ../signup.php?signup=invalid");
            exit();
        } /*third else*/ else{
            // Check if email is valid
            #forth if
            if (!filter_var( $email , FILTER_VALIDATE_EMAIL )) {

                header("Location: ../signup.php?signup=email");
                exit();
            } /*forth else*/ else {
                $sql = "SELECT * FROM users WHERE user_uid='$uid'";
                $result = mysqli_query($conn , $sql);
                $resultCheck = mysqli_num_rows($result);

                #fifth if
                if ($resultCheck > 0) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } /*forth else*/ else {
                    //Hashing the password
                    $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
                    //Inser the user into the database
                    $sql = "INSERT INTO users (user_first , user_last , user_email , user_uid , user_pwd) VALUES ('$first','$last','$email','$uid','$hashedPwd');";
                    mysqli_query($conn , $sql);
                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }
    }

} /*first else*/ else {
    header("Location: ../signup.php");
    exit();
}
Jeff
  • 6,895
  • 1
  • 15
  • 33
zcool 99
  • 27
  • 1
  • 8
  • 2
    You're checking for `$_POST['last']` but your input is actually `` with an uppercase "L". This could be the issue. – rickdenhaan Jun 21 '18 at 22:43
  • voting to close for beeing a typo – Jeff Jun 21 '18 at 22:45
  • _sidenote_: you're open to sql injection. Use Prepared Statements! – Jeff Jun 21 '18 at 22:46
  • could somebody show how to do it with prepared statements? – zcool 99 Jun 21 '18 at 22:46
  • tried to watch a vid on it, but so confusing... – zcool 99 Jun 21 '18 at 22:47
  • Forget the video, search for an example is using prepared statements with either mysqli or PDO. – Sloan Thrasher Jun 21 '18 at 22:50
  • [This](https://stackoverflow.com/questions/49355934/how-to-select-row-using-bind-param-php-mysqli/49356550#49356550) is a simple example of mine for fetching data using _prepared statements_. [This](https://stackoverflow.com/questions/49603108/error-on-form-submission-with-php-mysql-and-xampp/49603767#49603767) is a complete sign-up code I wrote, using _object oriented mysqli_, _prepared statements_, _error/exception handlers_. And [this](https://stackoverflow.com/questions/49215288/how-to-redirect-to-another-html-file-using-php/49216462#49216462) is a complete login page of mine. – PajuranCodes Jun 21 '18 at 23:16
  • And [this](https://phpdelusions.net/) is my preferred resource, with some very good articles and tutorials regarding what's important for you (pdo, mysqli, prepared statements, error handling, examples, etc). Good luck. P.S: The code of the question to which I answered with my sign-up code (see the 2nd link in my previous comment) looks amazingly similar to yours. – PajuranCodes Jun 21 '18 at 23:30

0 Answers0