Form with SQL

[aerouk]

Hello all:

 

I'm having some issues with a simple registration form.

 

I want to collect a number of fields and then perform some basic validation before posting it to a mySQL database. However I seem to keep getting a white page error, even though all PHP errors are switched on in the .ini, and I've even set it to E_ALL in the file itself.

 

Can anyone here see anything wrong, or something which could be breaking it?

 

Registration.php:

<?php
ini_set('error_reporting', E_ALL);

if(isset($_POST['submit'])){
    # connect to the database here
    include('db.php');
    # search the database to see if the user name has been taken or not
    $sql= mysql_query("SELECT * FROM ffl_managers WHERE userName='{$_POST['user_name']}' LIMIT 1");
    $row = mysql_fetch_array($sql)or die(mysql_error());
    #check to see what fields have been left empty, and if the passwords match
    if($row||empty($_POST['user_name'])||
    empty($_POST['fname'])||empty($_POST['lname'])||
    empty($_POST['email'])||empty($_POST['password'])||
    empty($_POST['re_password'])||$_POST['password']!=$_POST['re_password']){
        # if a field is empty, or the passwords dont match make a message
        if(empty($_POST['user_name'])){
            $user = 'User Name cant be empty<br>';
        }
        if(empty($_POST['fname'])){
            $fname = 'First Name cant be empty<br>';
        }
        if(empty($_POST['lname'])){
            $lname = 'Last Name cant be empty<br>';
        }
        if(empty($_POST['email'])){
            $email = 'Email cant be empty<br>';
        }
        if(empty($_POST['password'])){
            $password = 'Password cant be empty<br>';
        }
        if(empty($_POST['re_password'])){
            $re_password = 'You must re-type your password<br>';
        }
        if($row){
            $user_name_exist = 'User Name already exists<br>';
        }
        if($_POST['password']!=$_POST['re_password']){
            $password_match = 'Passwords dont match<br>';
        }
    }else{
        # If all fields are not empty, and the passwords match,
        # create a session, and session variables,
        # register_accept will be checked on the next page to see
        # if the user came from this page.
        session_start();
        $_SESSION['user_name'] = $_POST['user_name'];
        $_SESSION['fname'] = $_POST['fname'];
        $_SESSION['lname'] = $_POST['lname'];
        $_SESSION['email'] = $_POST['email'];
        $_SESSION['password'] = $_POST['password'];
        $_SESSION['memorable_word'] = $_POST['memorable_word'];
        $_SESSION['register_accept'] = 1;
        header("Location: confirm_join.php");
        exit;
    }
}
# echo out each variable that was set from above,
# then destroy the variable.
if(isset($user)){
    echo $user;
    unset($user);
}
if(isset($fname)){
    echo $fname;
    unset($fname);
}
if(isset($lname)){
    echo $lname;
    unset($lname);
}
if(isset($email)){
    echo $email;
    unset($email);
}
if(isset($password)){
    echo $password;
    unset($password);
}
if(isset($re_password)){
    echo $re_password;
    unset($re_password);
}
if(isset($user_name_exist)){
    echo $user_name_exist;
    unset($user_name_exist);
}
if(isset($password_match)){
    echo $password_match;
    unset($password_match);
}
if(isset($memorable_word)){
    echo $memorable_word;
    unset($memorable_word);
}
?>
<!-- Start your HTML/CSS/JavaScript here -->
<form action="" method="post">
    <p>First Name:<br><input type="text" name="fname"
    <? echo 'value="'.$_POST['fname'].'"'; ?></p>
    <p>Last Name:<br><input type="text" name="lname"
    <? echo 'value="'.$_POST['lname'].'"'; ?></p>
    <p>Email:<br><input type="text" name="email"
    <? echo 'value="'.$_POST['email'].'"'; ?></p>
    <p>Desired User Name:<br><input type="text" name="user_name"
    <? if(!$row){echo 'value="'.$_POST['user_name'].'"';} ?></p>
    <p>Password:<br><input type="password" name="password"
    <? if($_POST['password']==$_POST['re_password'])
    {echo 'value="'.$_POST['password'].'"';} ?></p>
    <p>Re-Type Password:<br><input type="password" name="re_password"
    <? if($_POST['password']==$_POST['re_password'])
    {echo 'value="'.$_POST['re_password'].'"';} ?></p>
    <p>Memorable Word:<br><input type="text" name="memorable_word"
    <? if(!$row){echo 'value="'.$_POST['memorable_word'].'"';} ?></p>
    <p><input type="submit" name="submit" value="Sign Up"></p>
</form>

 

and confirm_join.php...

 

<?php

# start the session
session_start();
# check to see if the session on the previous page was created
# if it was created, allow this page to run, otherwise
# redirect the user to the join page.
if($_SESSION['register_accept']!=1){
    header("Location: registration.php");
    exit;
}

# Connect to the database here

# addslashes (Helps protect from SQL injection) and remove html
$user = strip_tags(addslashes($_SESSION['user_name']));
$fname = strip_tags(addslashes($_SESSION['fname']));
$lname = strip_tags(addslashes($_SESSION['lname']));
$email = strip_tags(addslashes($_SESSION['email']));
$password = strip_tags(addslashes($_SESSION['password']));
$memorable_word = strip_tags(addslashes($_SESSION['memorable_word']));

# Insert into the database
mysql_query("INSERT INTO ffl_managers(`userName`,`firstName`,`lastName`,`email`,`password`, `memorableWord`, `creditBalance`, `mgrPts`, `joinDate`)
            VALUES('$user','$fname','$lname','$email','$password','$memorable_word','0','0','0')or die(mysql_error()");

# If you would like to send an email, this would be the place to place it

#redirect the user back to a page where they can login
header("Location: login.php");
exit;

?>

 

Any help would be greatly appreciated! Thanks 

[Orio]

I think your problem is in your second if() (in registration.php):

 

if($row|| ...)

//Should become

if(!$row || ...)

 

 

Orio.

[waynew]

It depends on what you can afford to place more overhead on.

[aerouk]

Orio - Thanks for that.  Although I still seem to be getting the dreaded WPE!

 

Waynewex - What do you mean?