insert users into mysqli database with errors in form

Question

I have this registration form to register new users, I have some code to Verify that user is not registered before, but it looks like the code is ignoring all the verification code and after register button the user logged in directly but not inserted in the database!!! this is a big mistake I got my code

<?php
$title="Registeration";
require_once './template/header.php';
require_once 'config/app.php';
require_once 'config/database.php';
if(isset($_SESSION['logged_in'])){
    echo "<script>location.href = 'index.php'</script>";
}

$errors=[];
$email = '';
$name = '';
$phone = '';
$city = '';

// Check user entries

if($_SERVER['REQUEST_METHOD'] == 'POST'){
    $email = mysqli_real_escape_string($mysqli, $_POST['email']);
    $phone = mysqli_real_escape_string($mysqli, $_POST['phone']);
    $city = mysqli_real_escape_string($mysqli, $_POST['city']);
    $name = mysqli_real_escape_string($mysqli, $_POST['name']);
    $password = mysqli_real_escape_string($mysqli, $_POST['password']);
    $password_confirmation = mysqli_real_escape_string($mysqli, $_POST['password_confirmation']);

    if(empty($email)){array_push($errors, "Email is Required");}
    if(empty($phone)){array_push($errors, "Phone is Required");}
    if(empty($city)){array_push($errors, "City is Required");}
    if(empty($password)){array_push($errors, "Passowrd is Required");}
    if(empty($name)){array_push($errors, "name is Required");}
    if(empty($password_confirmation)){array_push($errors, "Confirmation is Required");}

    //check password
    if($password != $password_confirmation){
        array_push($errors, "Password Dosn't match");
    }

    // check if user exists
    if(!count($errors)){
        $userExist = $mysqli->query("select id, email, phone, name from users where email ='$email' and phone ='$phone' and name ='$name'  limit 1");
        if($userExist->num_rows){
            array_push($errors, "user registered before");
        }
    }

    //Creat New User

    if(!count($errors)) {
        $password = password_hash($password, PASSWORD_DEFAULT);
        $query = "INSERT INTO users (email, phone, name, password, city) VALUES ('$email','$phone', '$name', '$password','$city')";
        $mysqli->query($query);
        //register in session
        $_SESSION['logged_in'] = true;
        $_SESSION['user_id'] = $mysqli->insert_id;
        $_SESSION['user_name'] = $name;
        $_SESSION['sucess_message'] = "Welcome to our Site!, $name";
        $_SESSION['user_email'] = $email;
         //redirect user.
        header('location: index.php');
        //echo "<script>location.href = 'index.php'</script>";
    }
}

?>
<div id=register>
    <div align="right" class="container">
        <h4 class="card-block text-center mt-4 text-info " > أهلا وسهلاً بك كمستخدم جديد  </h4>
        <br>
        <h5 align="center" class="lead text-success font-weight-bold"> إذا ممكن تعبي البيانات اللي تحت حتى نفتح لك حساب جديد </h5>
        <hr>
        <?php include 'template/errors.php' ?>
        <form action="" method="post">
            <div class="form-group"  >
                <label for="name"> اسم المستخدم </label>
                <input type="text" name="name" class="form-control" placeholder="اسمك"  id="name" value="<?php echo $name?>">
            </div>
            <div class="form-group"  >
                <label for="email"> بريدك الإلكتروني </label>
                <input type="email" name="email" class="form-control" placeholder="بريدك الإلكتروني"  id="email" value="<?php echo$email?>">
            </div>
            <div class="form-group"  >
                <label for="city"> المنطقة </label>
                <input type="text" name="city" class="form-control" placeholder="المنطقة"  id="city" value="<?php echo $city?>">
            </div>
            <div class="form-group"  >
                <label for="phone"> رقم التواصل (رقم تواصلك للإعلانات اللي بتضيفها) </label>
                <input type="number" name="phone" class="form-control" placeholder="رقم التواصل"  id="phone" value="<?php echo$phone?>">
            </div>
            <div class="form-group"  >
                <label for="password"> كلمة المرور </label>
                <input type="password" name="password" class="form-control" placeholder="كلمة المرور"  id="password">
            </div>
            <div class="form-group"  >
                <label for="password_confirmation"> تأكيد كلمة المرور </label>
                <input type="password" name="password_confirmation" class="form-control" placeholder="تأكيد كلمة المرور"  id="password_confirmation">
            </div>
            <div class="form-group" >
                <button class="btn btn-success" > تسجيل </button>
                <a href="login.php"> عندك حساب معانا؟ </a>
            </div>
        </form>
    </div>
</div>
<?php
    include 'template/footer.php';
?>

I think your first session condition is always true. please on the private window of browser or another browser — Mohsin Marui, Jan 12 '20 at 07:28
Where do you set the $_SESSION['logged_in']) value and when do you unset it ? — M0ns1f, Jan 12 '20 at 11:41

score 1 · Answer 1 · answered Jan 12 '20 at 11:23

1

if(isset($_SESSION['logged_in'])) { echo "location.href = 'index.php'"; }

Why dont you redirect user in php? See: https://www.php.net/manual/en/function.header.php

As already mention, you should use prepared statments. See How can I prevent SQL injection in PHP?

Before every count($errors), you can dump $errors to see what is inside. Maybe this will help. Use var_dump($errors);

answered Jan 12 '20 at 11:23

newBie here

13
6

how can I use prepare in my case, I'm new to this ! – user235 Jan 12 '20 at 11:42

insert users into mysqli database with errors in form

1 Answers1