1

Im using the following code to insert users into a table called 'accounts'

session_start(); 
include("include/connect.php");

            //Posted information from the form put into variables
            $username = mysqli_escape_string($conn, $_POST["username"]);
            $email = mysqli_escape_string($conn,$_POST["email"]);
            $password = mysqli_escape_string($conn,$_POST["password_1"]);

            //check if user already exists
            $usernameCheck="SELECT * FROM accounts WHERE username='$username'";

            //query the db
            $usernameResult = mysqli_query($conn, $usernameCheck) or die(mysqli_error($conn));

            //if no users exits then add data
            if(mysqli_num_rows($usernameResult) == 0){
                $AddUser = "INSERT INTO `accounts` (`username`, `email`, `password`) VALUES ('$username', '$email', '$password')";
                $newUserSend = mysqli_query($conn, $AddUser) or die(mysqli_error($conn));
                mysqli_close($conn);
                $_SESSION["user_session"]= $username;

            }

However every time it runs it inserts a row with the correct data and then a blank row below. For example 

ID Name email           password                                                                             
1  test test@test.com   test              
2

This is the form where the data is posted from:

<form method="POST" class="signup-form" action="RegisterProcess.php">
                    <h2 class="form-title">Create account</h2>
                    <div class="form-group">
                        <input type="text" value="<?php echo $username; ?>" class="form-input" name="username" placeholder="Your Name" required/>
                    </div>
                    <div class="form-group">
                      <input type="email" value="<?php echo $email; ?>" class="form-input" name="email" placeholder="Your Email Address" required/>
                    </div>
                    <div class="form-group">
                        <input type="password" class="form-input" name="password_1" placeholder="Your Password" required/>
                        <span toggle="#password" class="zmdi zmdi-eye field-icon toggle-password"></span>
                    </div>
                    <div class="form-group">
                        <input type="password" class="form-input" name="password_2" placeholder="Confirm your password" required/>
                        <span toggle="#password" class="zmdi zmdi-eye field-icon toggle-password"></span>
                    </div>
                    <div class="form-group">
                        <input type="submit" class="form-submit" value="Sign up"/>
                    </div>
                </form>
ROD
  • 23
  • 4
  • Is this all your code? Maybe the problem is somewhere around it, like the place where this code gets called from? – mrodo Feb 25 '20 at 18:57
  • You need to check that the form was submitted. Otherwise you'll also execute the code when you load the form. – Barmar Feb 25 '20 at 19:07
  • `if (isset($_POST['submit']))`, replace `submit` with the name of your submit button. – Barmar Feb 25 '20 at 19:08
  • You need to give the submit button a name. – Barmar Feb 25 '20 at 19:08
  • I removed the php within the form and it has fixed the issue, thanks very much – ROD Feb 25 '20 at 19:10
  • It is 2020 and developers still do not [parameterize queries](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)! – Parfait Feb 25 '20 at 21:10
  • Someone submitted the form blank. Because there is no user with a blank username, a new record is created. – HoldOffHunger Feb 25 '20 at 21:59

0 Answers0