Jump to content

Recommended Posts

Here is the .php:

 

 

 

<?php
 include 'config.php';


 $username = $_POST['username'];
 $password = $_POST['password'];
 $email = $_POST['email'];


 $ip = $_SERVER['REMOTE_ADDR'];


 $res = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$username'"));


 if(strlen($username < 4)) {
      echo "Error 5215: Username contains less than 4 characters. ";
 }


 if(strlen($password < 4 )) {
       echo "Error 5215-1: Password contains less than 4 characters. ";
}


 if(strlen($email < 4)) {
       echo "Error 5215-2: Email contains less than 4 characters. ";
}


 if($res == 1) {
    echo "Error 21663: Username already exists in database. ";
} else {
  mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
  echo "Success! Redirecting....";
  header("refresh:5;url=login.html");
 }
?>

 

 

 

The problem here is, I registered fine but then it shows all the errors at once and then it adds it anyways. I tried less than 4 and it still added it in the database. I also tried more than 4 and then it showed all the < 4 errors, What do I do?

 

Link to comment
https://forums.phpfreaks.com/topic/280601-register-isnt-working/
Share on other sites

 

Use exit() or die() after every error.

 

For instance:

if(strlen($username < 4)) {
      echo "Error 5215: Username contains less than 4 characters. "; exit;
 }

 

 

I have to disagree with that. That makes it difficult to gracefully handle errors and can result in invalid output. Also, it makes it so execution stops on the first error encountered instead of telling the user all the errors that need to be resolved. A better approach, IMHO, is to perform all the necessary validations and use a flag or some other process to make a determination as to whether or not to process the results or to show the errors.

 

Also, no need to run the query to check if the username is a duplicate if it doesn't meet the format test. There are other problems as well. For example, you can't send content to the page and then do a header(). Also, you are not escaping your input for use in queries. And, the password is not being hashed. I didn't fix all the problems below.

 

 

<?php

include 'config.php';

//Preprocess input
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$password = isset($_POST['password']) ? $_POST['password']: '';
$email = isset($_POST['email']) ? trim($_POST['email']) : '';
$ip = $_SERVER['REMOTE_ADDR'];



//Create array to hold the errors
$errors = array();

if(strlen($username < 4))
{
    $errors[] = "Error 5215: Username contains less than 4 characters.";
}
else
{
    $usernameSqlSafe = mysql_real_escape_string($username);
    $sql = "SELECT username FROM users WHERE username = '$usernameSqlSafe'";
    $res = mysql_query($sql);
    if(mysql_num_rows($res))
    {
        $errors[] = "Error 21663: Username already exists in database.";
    }
}

if(strlen($password < 4 ))
{
    $errors[] = "Error 5215-1: Password contains less than 4 characters.";
}


if(strlen($email < 4))
{
    $errors[] = "Error 5215-2: Email contains less than 4 characters. ";
}


if(count($errors)
{
    echo "The following error(s) occured:<br><ul>\n";
    foreach($errors as $err)
    {
        echo "<li>{$err}<li>\n";
    }
}
else
{
    $passwordSqlSafe = mysql_real_escape_string($username);
    $emailSqlSafe = mysql_real_escape_string($email);
    $sql = "INSERT INTO users (username, password, email)
            VALUES ('$usernameSqlSafe', '$passwordSqlSafe', '$emailSqlSafe')"
    mysql_query($sql);
    header("refresh:5;url=login.html");
    echo "Success! Redirecting....";
}
?>
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.