1

i have here a problem with a php signup script... It says that it is successfull but when i look into my database i dont see any data in there can you help me out? Here is the php code: 

<?php
if(isset($_POST['submit'])){
include_once("db.php");
$first = $_POST['meno'];
$last  = $_POST['priezvisko'];
$email = $_POST['email'];
$uid   = $_POST['username'];
$pwd   = $_POST['heslo'];
$age   = $_POST['vek'];

if(empty($first) OR empty($last) OR empty($email) OR empty($uid) OR empty($pwd) OR empty($age)){
    header("Location: ../signup.php?signup=empty");
    exit();
}elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
    //Check email
    header("Location: ../signup.php?signup=emailnotvalid");
    exit();
}else{
    $query = mysqli_query($conn, "SELECT * FROM users WHERE user_uid='$uid'");
    $resultCheck = mysqli_num_rows($query);
if($resultCheck > 0){
        header("Location: ../signup.php?usernametaken");
        exit();
    }else{
        $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
        $query     = mysqli_query($conn, "INSERT INTO users(user_first,user_last,user_email,user_uid,user_pwd,user_date, user_level,user_age) VALUES('$first', '$last','$email','$email','$hashedPwd', NOW(), 0,'$age')");
        header("Location: ../signup.php?signup=success");
    }
  }
}
?>
JintaoSvk
  • 11
  • 2
  • You're never even checking whether the query was successful. So of course it says it was successful. – Barmar Jul 07 '18 at 15:35
  • Learn to use prepared statements instead of substituting variables, to protect against SQL injection. https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Barmar Jul 07 '18 at 15:36
  • The `INSERT` statement puts `$email` into `user_uid` instead of `$uid`. – Barmar Jul 07 '18 at 15:38
  • i fixed the problem that it was putting $email into user_uid and now it says that there is an error can you help me? i am new with php... if not thanks anyway – JintaoSvk Jul 07 '18 at 16:16
  • What is the error? Add `or die(mysqli_error($conn))` to the end of the `mysqli_query` line. – Barmar Jul 07 '18 at 16:18
  • See https://stackoverflow.com/questions/22662488/how-to-get-mysqli-error-in-different-environments – Barmar Jul 07 '18 at 16:18
  • i have only a white screen when i add "or die(mysqli_error($conn))" to the end of the mysqli_query line and nothing is written even in the console. – JintaoSvk Jul 07 '18 at 16:37
  • You put itt before the `;`, right? – Barmar Jul 07 '18 at 16:40
  • `mysqli_query($conn, "...") or die(mysqi_error($conn);` – Barmar Jul 07 '18 at 16:40
  • The whole line in my code is like this $query = mysqli_query($conn, “the insert statement”) OR die(mysqli_error($conn)); – JintaoSvk Jul 07 '18 at 16:58
  • That's correct (but the `$query` variable is useless, you never use it). If it gets an error you should see the message, otherwise it will do the redirect. I don't know why you're not seeing that. – Barmar Jul 07 '18 at 17:54
  • Well can we chat privately so we dont spam this? And I could show you what i see it just redirects me to signup-inc.php which is the file where all the php script is in and after it redirects me just white page and nothing on it... – JintaoSvk Jul 07 '18 at 18:34

0 Answers0