PHP Button starts out clicked

Question

I'm making a sign up form for a website but it doesn't wait until I press the button. When I open the page it's already saying that I haven't filled out all of the fields.

I have put an echo thing right under the part the if statement that isn't supposed to go until the button is clicked but it starts out on the screen.

if ($_POST['reg']) {
    echo "Clicked";

    if($em==$em) {

    $u_check = mysqli_query($connection, "SELECT username FROM users WHERE username='$un'");

    $check = mysqli_num_rows($u_check);

        if($check == 0){

            if($fn&&$ln&&$un&&$em&&$pswd&&$pswd2){

                if($pswd == $pswd2){

                    if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
                    echo "The maximum limit for username/first name/last name is 25 characters!";
                    }
                    else
                    {

                    if(strlen($pswd)>30||strlen($fn)<5){
                    echo "Your password must be between 5 and 30 characters long!";
                    }
                    else
                    {
                    $pswd = password_hash($pswd, PASSWORD_DEFAULT);
                    $pswd2 = password_hash($pswd2, PASSWORD_DEFAULT);
                    $query=mysql_query("INSERT INTO users VALUES('','$un','$fn','$ln','$em','$pswd','$d','0')");
                    die ("<h2>Welcome to Notebook!</h2>Log into your account to get started...");
                    }
                }
            }
            else
            {
             echo "Your passwords don't match!";
            }   
        }
        else 
        {
         echo "Please fill in all the fields";
        }
    }
    else
    {
        echo "Username already taken...";
    }
}
}

//if($reg){
//  echo "Clicked";
//}
?>
<input type="submit" name="reg" value="Sign Up">

(note, these are just a few snippets of the code I took out)

This is not enough explanation and code to understand the problem.\ — ryantxr, May 18 '19 at 03:00
@ryantxr I just added some more. Sorry, I had a bit more at first but it wasn't showing up — EmmitPhalen, May 18 '19 at 03:02
Please read about how to create a [mcve]. In any case, your error is pretty straightforward: look at which `if` condition fails to get you to the message "Please fill in all the fields," and it will be clear what happened. Also, please note: you are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements, rather than concatenating variables into your query. Simply escaping your variables is not enough. See [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). — elixenide, May 18 '19 at 03:05

score 0 · Answer 1 · answered May 18 '19 at 04:35

0

start your code like this

if (isset($_POST['reg'])){

answered May 18 '19 at 04:35

Kumar Praveen

124
7

isset will check weather you have clicked btn or not.means formdata is posted or not – Kumar Praveen May 18 '19 at 04:36

PHP Button starts out clicked

1 Answers1