BasiM Posted October 17, 2013 Share Posted October 17, 2013 Hello. Hope someone can help me. I have created a simple user registration form. The user is required to insert data into the fields and insert a username and password.The server will check in the database if the username and password don't already exist. If the username and password are already in the database it will print out a message that username and password already exist. If username and password don't exist it will run the INSERT statement and display a user successful message. My issue/problem. There is no error message printed. When I run the script it says ''User successful''. When I run the script again entering the same username and password, it prints the ''User successful message'' yet no data is inserted into the database. Hope someone can help Thanx <?php/* * author :[email protected] * * * */include 'connection.php'; if(isset ($_POST['name'] ) && isset ($_POST['surname']) && isset ($_POST[ 'id_number']) && isset ($_POST[ 'contact_number'])&& isset ($_POST[ 'job_id'])&& isset ($_POST[ 'username'])&& isset ($_POST['password'])) // getting the values from the post { $connection = new createConnection(); // creating connection $connect = $connection->connectToDatabase(); // connect to database $connection->selectDatabase(); // select database // escape sql injection $name = mysql_real_escape_string($_POST['name']); $surname =mysql_real_escape_string($_POST['surname']);$id_number = mysql_real_escape_string($_POST['id_number']);$contact_number = mysql_real_escape_string($_POST['contact_number']);$job_id = mysql_real_escape_string($_POST['job_id']);$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string($_POST['password']); $query=mysql_query("SELECT * FROM `medionline`.`employees` WHERE username='$username' AND password= '$password'"); // Check if the username and password already exist in the database if (mysql_num_rows($query) > 0) { echo "Username and password already exist!"; } else {// execute the insert query mysql_query("INSERT INTO `medionline`.`employees`(name,surname,id_number,contact_number,job_id,username, password) VALUES ('$name','$surname','$id_number','$contact_number','$job_id','$username','$password')"); // query for insert data } echo ("User registration Successfull"); $connection->closeConnection(); // closing the connection } else { echo "Error occured!"; // display error message } ?> Link to comment https://forums.phpfreaks.com/topic/283046-register-form/ Share on other sites More sharing options...
Barand Posted October 17, 2013 Share Posted October 17, 2013 You output the success message in all cases if (mysql_num_rows($query) > 0) { echo "Username and password already exist!"; } else { // execute the insert query mysql_query ("INSERT INTO `medionline`.`employees`(name,surname,id_number,contact_number,job_id,username, password) VALUES ('$name','$surname','$id_number','$contact_number','$job_id','$username','$password')"); // query for insert data } echo ("User registration Successfull"); $connection->closeConnection(); // closing the connection Easier to see when you use indentation Link to comment https://forums.phpfreaks.com/topic/283046-register-form/#findComment-1454266 Share on other sites More sharing options...
BasiM Posted October 17, 2013 Author Share Posted October 17, 2013 Thank you. Sorry about not using indentation. Will arrange my script and use it. Link to comment https://forums.phpfreaks.com/topic/283046-register-form/#findComment-1454272 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.