PHP REGISTRATION PROBLEM

[IlaminiAyebatonyeDagogo]

I have a php registration Script with a php form validation. The Validation seems to be working fine But it is independent of mysql insert query so wether the form input is correct or not the data will still be sink into the data base.

<!DOCTYPE html>
<html lang="en">
<head>
<meta content="en-us" http-equiv="Content-Language">
<link rel="stylesheet" href="style.css" type="text/css" media="all">
<title>
Register Page 
</title>
</head>
<body>
<div id="wrapper">
<!--header-->
<?php include("include/header.php"); ?>

<!-- end header-->
<!-- nav-->
<?php include("include/nav.php"); ?>

<!-- end nav-->
<!-- left bar-->
<?php include("include/left_bar.php"); ?>
<!-- end left bar-->
<!-- content-->
<div id="content" align="left">
		<form method="post" action="check_register.php">
First Name: <br><input type="text" name="fname" ><br>
<?php if (isset($_POST["submit"])&&(empty($fname))) 
{ echo"<center><em><div id='form'>Please Your Frist Name Is Required<br></div></em></center>";}?>
Last Name: <br><input type="text" name="lname" ><br>
<?php if (isset($_POST["submit"])&&(empty($lname))) 
{ echo"<center><em><div id='form'>Please Your Last Name Is Required<br></div></em></center>";}?>
User Name: <br><input type="text" name="username" ><br>
<?php if (isset($_POST["submit"])&&(empty($username))) 
{ echo"<center><em><div id='form'>Please Your User Name Is Required<br></div></em></center>";}?>
Email:<br> <input type="email" name="email" ><br>
<?php if (isset($_POST["submit"])&&(empty($email))) 
{ echo"<center><em><div id='form'>Please Your Email Is Required<br></div></em></center>";}?>
Password: <br><input type="Password" name="password" ><br>
<?php if (isset($_POST["submit"])&&(empty($password))) 
{ echo"<center><em><div id='form'>Please a Password Is Required<br></div></em></center>";}?>
Phone: <br><input type="tel" name="phone" ><br>
<?php if (isset($_POST["submit"])&&(empty($phone))) 
{ echo"<center><em><div id='form'>Please Your Number Is Required<br></div></em></center>";}?>
Gender: <br><input type="text" name="gender" ><br>
<?php if (isset($_POST["submit"])&&(empty($gender))) 
{ echo"<center><em><div id='form'>Please Your Gender Is Required<br></div></em></center>";}?>
<input type="submit" name="submit" value="Register">
</form>
		
		
		</div>
	<!-- end content-->
<!-- right bar-->
<?php include("include/right_bar.php"); ?>
<!-- end right bar-->

<!-- footer-->
<?php include("include/footer.php"); ?>
</div>
<!-- end footer-->
</body>
</html>

that is my register.php that contain the php form validation.

Here is check_register that contains the mysql query

 

Someone Please Use master eye and Spot the Problem for me

<?php
$host="localhost";
$dbuser="root";
$dbpass="";
$db_name="login";
$db_table="login";
mysql_connect("$host","$dbuser","$dbpass")
or die("Could Not Establish Connection");
mysql_select_db("$db_name")or die(mysql_error());

$fname=$_POST["fname"];
$lname=$_POST["lname"];
$username=$_POST["username"];
$email=$_POST["email"];
$password=$_POST["password"];
$phone=$_POST["phone"];
$gender=$_POST["gender"];
//validation of input in the form fieldS		
include("register.php");

$submit=mysql_query("INSERT  INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");
if($submit==TRUE){
Echo"<div style='background:yellow;'><script>alert('YOU HAVE SUCESSFULLY REGISTERED PLEASE LOGIN WITH YOUR USERNAME AND PASSWORD');</script></div>";
} 
?>

Edited October 31, 2013 by IlaminiAyebatonyeDagogo

[mentalist]

Try instead:

if($submit!=FALSE){

The function mysql_query() returns FALSE on fail otherwise a resource (see http://php.net/manual/en/function.mysql-query.php)

 

The other way would be:

if($submit){

[Ch0cu3r]

 

But it is independent of mysql insert query so wether the form input is correct or not the data will still be sink into the data base.

Because you do not have any logic in your code to stop the script from running the insert query if the form fails your validation tests

Edited October 31, 2013 by Ch0cu3r

[sasa]

in line 21 define new variable for checkin is form valid

<?php include("include/left_bar.php"); $chk = TRUE; ?>

in line 27 - 28 add

<?php if (isset($_POST["submit"])&&(empty($fname)))
{ echo"<center><em><div id='form'>Please Your Frist Name Is Required<br></div></em></center>"; $chk = FALSE;}?>

same for another fields

and in line 21 of 2nd file add

if($chk) $submit=mysql_query("INSERT  INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");

[cyber_alchemist]

use isset() or !empty 

<?php
$host="localhost";
$dbuser="root";
$dbpass="";
$db_name="login";
$db_table="login";
mysql_connect("$host","$dbuser","$dbpass")
or die("Could Not Establish Connection");
mysql_select_db("$db_name")or die(mysql_error());
 
$fname=$_POST["fname"];
$lname=$_POST["lname"];
$username=$_POST["username"];
$email=$_POST["email"];
$password=$_POST["password"];
$phone=$_POST["phone"];
$gender=$_POST["gender"];
//validation of input in the form fieldS		
include("register.php");
 if (isset($fname) && isset($lname) && isset($username) && isset($email) && isset($password)&& isset($phone) && $isset($gender) ){
$submit=mysql_query("INSERT  INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");
}
if($submit==TRUE){
Echo"<div style='background:yellow;'><script>alert('YOU HAVE SUCESSFULLY REGISTERED PLEASE LOGIN WITH YOUR USERNAME AND PASSWORD');</script></div>";
} 
?>

this should work...