qubit Posted July 28, 2013 Share Posted July 28, 2013 Here is the .php: <?php include 'config.php'; $username = $_POST['username']; $password = $_POST['password']; $email = $_POST['email']; $ip = $_SERVER['REMOTE_ADDR']; $res = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$username'")); if(strlen($username < 4)) { echo "Error 5215: Username contains less than 4 characters. "; } if(strlen($password < 4 )) { echo "Error 5215-1: Password contains less than 4 characters. "; } if(strlen($email < 4)) { echo "Error 5215-2: Email contains less than 4 characters. "; } if($res == 1) { echo "Error 21663: Username already exists in database. "; } else { mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')"); echo "Success! Redirecting...."; header("refresh:5;url=login.html"); } ?> The problem here is, I registered fine but then it shows all the errors at once and then it adds it anyways. I tried less than 4 and it still added it in the database. I also tried more than 4 and then it showed all the < 4 errors, What do I do? Quote Link to comment https://forums.phpfreaks.com/topic/280601-register-isnt-working/ Share on other sites More sharing options...
jazzman1 Posted July 28, 2013 Share Posted July 28, 2013 Use exit() or die() after every error. For instance: if(strlen($username < 4)) { echo "Error 5215: Username contains less than 4 characters. "; exit; } Quote Link to comment https://forums.phpfreaks.com/topic/280601-register-isnt-working/#findComment-1442521 Share on other sites More sharing options...
Psycho Posted July 28, 2013 Share Posted July 28, 2013 Use exit() or die() after every error. For instance: if(strlen($username < 4)) { echo "Error 5215: Username contains less than 4 characters. "; exit; } I have to disagree with that. That makes it difficult to gracefully handle errors and can result in invalid output. Also, it makes it so execution stops on the first error encountered instead of telling the user all the errors that need to be resolved. A better approach, IMHO, is to perform all the necessary validations and use a flag or some other process to make a determination as to whether or not to process the results or to show the errors. Also, no need to run the query to check if the username is a duplicate if it doesn't meet the format test. There are other problems as well. For example, you can't send content to the page and then do a header(). Also, you are not escaping your input for use in queries. And, the password is not being hashed. I didn't fix all the problems below. <?php include 'config.php'; //Preprocess input $username = isset($_POST['username']) ? trim($_POST['username']) : ''; $password = isset($_POST['password']) ? $_POST['password']: ''; $email = isset($_POST['email']) ? trim($_POST['email']) : ''; $ip = $_SERVER['REMOTE_ADDR']; //Create array to hold the errors $errors = array(); if(strlen($username < 4)) { $errors[] = "Error 5215: Username contains less than 4 characters."; } else { $usernameSqlSafe = mysql_real_escape_string($username); $sql = "SELECT username FROM users WHERE username = '$usernameSqlSafe'"; $res = mysql_query($sql); if(mysql_num_rows($res)) { $errors[] = "Error 21663: Username already exists in database."; } } if(strlen($password < 4 )) { $errors[] = "Error 5215-1: Password contains less than 4 characters."; } if(strlen($email < 4)) { $errors[] = "Error 5215-2: Email contains less than 4 characters. "; } if(count($errors) { echo "The following error(s) occured:<br><ul>\n"; foreach($errors as $err) { echo "<li>{$err}<li>\n"; } } else { $passwordSqlSafe = mysql_real_escape_string($username); $emailSqlSafe = mysql_real_escape_string($email); $sql = "INSERT INTO users (username, password, email) VALUES ('$usernameSqlSafe', '$passwordSqlSafe', '$emailSqlSafe')" mysql_query($sql); header("refresh:5;url=login.html"); echo "Success! Redirecting...."; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/280601-register-isnt-working/#findComment-1442535 Share on other sites More sharing options...
jazzman1 Posted July 28, 2013 Share Posted July 28, 2013 @psycho, I have to disagree with my reply too, but that was the first working thing that was jumped on the top of my head reading that post -easy and fast Sorry, if I disappoint you Quote Link to comment https://forums.phpfreaks.com/topic/280601-register-isnt-working/#findComment-1442537 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.