anevins Posted March 11, 2011

Hi,

I created a previous thread but the problems were too confusing so I've started this thread again. I have a register form and it's supposed to validate if fields are empty. If fields are not empty, it should enter data on submit, into the table.

The problem: The form is able to submit without validation and the data does not enter the table.

The code:

```php
<?php
  require_once('./includes/connectvars.php');

  // Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

  if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
    $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
    $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
    $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name']));

    if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) {
      // Make sure someone isn't already registered using this username
      $query = "SELECT * FROM cuser WHERE username = '$username'";
      $data = mysqli_query($dbc, $query);
      if (mysqli_num_rows($data) == 0) {
        // The username is unique, so insert the data into the database
        $query = "INSERT INTO cuser (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')";
        mysqli_query($dbc, $query);

        // Confirm success with the user
        echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';

        mysqli_close($dbc);
        exit();
      }
      else {
        // An account already exists for this username, so display an error message
        echo '<p class="error">An account already exists for this username. Please use a different address.</p>';
        $username = "";
      }
    }
    else {
      echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
    }
  }

  mysqli_close($dbc);
?>

<p>Please enter your username and desired password to sign up to Mismatch.</p>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <legend>Registration Info</legend>
  <label for="username">Username:</label>
  <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
  <label for="password1">Password:</label>
  <input type="password" id="password1" name="password1" /><br />
  <label for="password2">Password (retype):</label>
  <input type="password" id="password2" name="password2" /><br />
  <label for="first_name">first name:</label>
  <input type="text" id="first_name" name="first_name" /><br />
  <label for="last_name">last name:</label>
  <input type="text" id="last_name" name="last_name" /><br />
  <input type="submit" value="Sign Up" name="submit" />
</form>
</body>
</html>
```

Any ideas on what the problem is? I've sent my sessions in another file.

Pikachu2000 Posted March 11, 2011

1) Ideally, you should validate each field and present the individual errors to the user along with the form, with the previously entered values pre-filled. That way the user can simply make the needed edits and resubmit. Yes, it's more work, but in the long run it greatly enhances the user experience and causes fewer people to simply become frustrated and leave.

2) If you run a query solely to see if any records are returned that match, it's more efficient to run a SELECT COUNT() query than it is to SELECT and use mysqli_num_rows()

3) When INSERTing, you should not only check that the query ran successfully, but that the expected number of records were inserted, by using mysqli_affected_rows().

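The three points above applied to the posted script, as an added example that is not part of the thread or the book. It also replaces the escaped string interpolation and SHA() with prepared statements and password_hash(), which the thread does not discuss; the function names field, e, validate_signup and register_user are made up for illustration.

```php
<?php
// Added example. Assumes the thread's cuser table with a password column of VARCHAR(255).

// Return a submitted field as a trimmed string ('' if missing or not a string).
function field(array $in, string $name): string {
    return is_string($in[$name] ?? null) ? trim($in[$name]) : '';
}

// Escape a value before echoing it back into the form (pre-filled inputs).
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Point 1: check every field on its own; returns [field => message].
function validate_signup(array $in): array {
    $errors = [];
    $labels = ['username' => 'a username', 'password1' => 'a password',
               'first_name' => 'your first name', 'last_name' => 'your last name'];
    foreach ($labels as $name => $label) {
        if (field($in, $name) === '') $errors[$name] = "Please enter $label.";
    }
    if (!isset($errors['password1']) && field($in, 'password1') !== field($in, 'password2')) {
        $errors['password2'] = 'The two passwords do not match.';
    }
    return $errors;
}

// Returns [] on success, otherwise the errors to show next to the form.
function register_user(mysqli $dbc, array $in): array {
    if ($errors = validate_signup($in)) return $errors;
    [$user, $first, $last] = [field($in, 'username'), field($in, 'first_name'), field($in, 'last_name')];
    $hash = password_hash(field($in, 'password1'), PASSWORD_DEFAULT);
    // Point 2: COUNT(*) rather than SELECT * plus mysqli_num_rows().
    $stmt = mysqli_prepare($dbc, 'SELECT COUNT(*) FROM cuser WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $count);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($count > 0) return ['username' => 'An account already exists for this username.'];
    // Point 3: the INSERT must both succeed and affect exactly one row.
    $stmt = mysqli_prepare($dbc, 'INSERT INTO cuser (username, password, join_date, first_name, last_name) VALUES (?, ?, NOW(), ?, ?)');
    mysqli_stmt_bind_param($stmt, 'ssss', $user, $hash, $first, $last);
    $ok = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok ? [] : ['form' => 'Your account could not be created.'];
}

// Constructed input: runs without a database; prints the escaped pre-fill and two errors.
$sample = ['username' => '"><b>x', 'password1' => 'a', 'password2' => 'b', 'first_name' => 'Al'];
echo 'value="', e(field($sample, 'username')), "\"\n";
foreach (validate_signup($sample) as $name => $msg) echo e($name), ': ', e($msg), "\n";
```

A UNIQUE index on cuser.username is still needed to cover two sign-ups for the same name arriving between the COUNT(*) check and the INSERT.
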
anevins Posted March 11, 2011

I'm working with an example from a book, 'head first into PHP / MySQL' and that code is an extract from it, with my database and table names changed.

Pikachu2000 Posted March 11, 2011

Wow. I'm surprised that came from a published book. Is it in an early chapter?

At any rate, looking over the code I don't see anything that jumps out that would cause it not to work as intended. What is happening when you submit the form without everything entered? You should get the "You must enter all of the sign-up data, including the desired password twice." message, along with the form, and no record added to the database.

anevins Posted March 11, 2011

Yes it really did come from a published book, and it is used to represent registration forms over many chapters.

When I press submit with no data entered in the form, the page refreshes to the home page.

anevins Posted March 11, 2011

I'm off to bed, this thread will be postponed until tomorrow. Thanks

anevins Posted March 12, 2011

Okiedokie I'm back so this thread can continue.

Pikachu2000 Posted March 13, 2011

Well, like I said earlier, I don't really see anything obvious that would cause the problem. Do you have error reporting enabled? What do the variables show if you var_dump() them before and after they're sanitized?