-2

My issue is when I go to this page to register (see picture below), the prompt "The email address...." appears right away even though I haven't typed anything yet. How do I remove that? Here's my code below.

enter image description here

<?php

$mysqli = mysqli_connect("localhost", "dbusername", "dbpassword", "dbtable");

if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
} else {
    $sql = "INSERT INTO tablename(firstname, lastname, email, password, age, gender, startdate) VALUES ('".$_POST["firstname"]."', '".$_POST["lastname"]."', '".$_POST["email"]."', PASSWORD('".$_POST["password"]."'), '".$_POST["age"]."', '".$_POST["gender"]."', now())";
    $res = mysqli_query($mysqli, $sql);

    if ($res === TRUE) {
        echo "Your account '".$_POST["email"]."' has just been created. Thank you for joining us!<br/>";
                echo "<br/>";
                echo "<a href='userlogin.php'>Go to Login</a>";

    } else {
        echo "The email address '".$_POST["email"]."' is already in use, try again!";
    }

    mysqli_close($mysqli);
}
?>

<!DOCTYPE html>
<html>
<head>
<title>User Information</title>
<link rel="stylesheet" href="stylesheet.css">
</head>
<body>
<form method="post" action="">
<fieldset> <legend><h3> User Information </h3></legend>
<p><strong>First Name:</strong><br/>
<input type="text" name="firstname"/></p>
<p><strong>Last Name:</strong><br/>
<input type="text" name="lastname"/></p>
<p class="lowercase"><strong>Email:</strong><br/>
<input type="text" name="email"/></p>
<p><strong>Password:</strong><br/>
<input type="password" name="password"/></p>
<p><strong>Age:</strong><br/>
<input type="number" name="age"/></p>
<p><strong>Gender:</strong><br/>
<input type="radio" name="gender" value="male">Male
<input type="radio" name="gender" value="female">Female<br>
<p><input type="submit" name="submit" value="Create Account"/></p>
</fieldset>
</form>
</body>
</html>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
kpAtCh
  • 97
  • 1
  • 8
  • Impossible. You must be using JS with this or you already loaded the page and it's in cache. – Funk Forty Niner Oct 18 '19 at 00:25
  • Plus, that would only happen in a SELECT, not an INSERT. – Funk Forty Niner Oct 18 '19 at 00:26
  • not using JS, just PHP.. :( – kpAtCh Oct 18 '19 at 00:26
  • Oh I know what's going on, your query failed because you're trying to insert a record that already exists. – Funk Forty Niner Oct 18 '19 at 00:26
  • Whats happening is that, as soon as that page loads, the prompt appears right away. – kpAtCh Oct 18 '19 at 00:27
  • After looking at your code in better detail, the problem appears to be because of the logic you used. You are checking the connection and query in an `if/else` and that's why it's doing that. You need to change the logic here. Remove the `else` for the query, or change the logic. – Funk Forty Niner Oct 18 '19 at 00:33
  • Try that and if it works, I'll reopen and post an answer for it so we can close it properly if I did do 100% wrong. I'm only human and we make mistakes too :) There are a few ways to correct this and will include it in there. – Funk Forty Niner Oct 18 '19 at 00:33
  • 2
    You are open to XSS and SQL injections. Put that with the plain text passwords and it's time to look at some tutorials. – user3783243 Oct 18 '19 at 01:39

1 Answers1

2

The reason for this is your if/else logic.

The first if checks if the connection failed and if it didn't, it goes to the query and there most likely already exists a record, so it goes to the else showing that the record exists.

You need to first check if a record exists, then run the INSERT if it does not exist.

I need to state that your code is open to SQL injection. Use a prepared statement. Plus, don't store plain text passwords, use a safe hashing method.

Here are a few references for you to read:

Check if a record exists:

Error checking that will serve you well:

Edit:

You could also place your PHP before your HTML and check to see if the submit button was clicked and then if any inputs are not empty, run the PHP/Query.

Example:

if(isset($_POST['submit'])) {

       // Run your code
} else {
        // Do something else
}
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141