PHP MySQLi register script error


Paul_Withers

Hi, I have taken the step of writing my site in MySQLi instead of MySQL as advised. However, I had a script that I got off the internet; the original file works great and registers the user to the database. However, the edited version of the script, where I have added more information such as the user's address etc., no longer works. I have compared the two files and can't seem to find the problem. When the script is run, it skips all the registration part and jumps to the last error in the script saying 'You Could Not Be Registered Because Of Missing Data.'. All the variables match the column names in the database.

 

Here is the original working script

<?php

error_reporting(E_ALL);
ini_set('display_errors', '1');

// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/

if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ){
    // echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
     
    if( strlen( $_POST['user'] ) < 5 )
    {
        include('header.inc');
        echo "Username Must Be 5 or More Characters.";
        include('footer.inc');
    }
    elseif( strlen( $_POST['pass'] ) < 5 )
    {
        include('header.inc');
        echo "Password Must Be 5 or More Characters.";
        include('footer.inc');
    }
    elseif( $_POST['pass'] == $_POST['user'] )
    {
        include('header.inc');
        echo "Username And Password Can Not Be The Same.";
        include('footer.inc');
    }
  elseif( $_POST['email'] == "" )
    {
        //More secure to use a regular expression to check that the user is entering a valid email
        // versus just checking to see if the field is empty
        include('header.inc');
        echo "Email must be valid.";
        include('footer.inc');
    }
    else
    {
    	
        require( 'database.php' );

        $username = mysqli_real_escape_string($con, $_POST['user']);

        //Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
        $password = mysqli_real_escape_string($con, md5( $_POST['pass']));

        $email = mysqli_real_escape_string($con, $_POST['email'] );

        $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
         //echo "$sqlCheckForDuplicate<br/>";

        $result = mysqli_query($con, $sqlCheckForDuplicate);

        if(mysqli_num_rows($result) == 0){
        	
        	//echo "No Duplicates<br/>";
        	
        	$sqlRegUser = "INSERT INTO user( username, password, email ) VALUES (
                        '". $username ."',
                        '". $password ."',
                        '". $email."'
                        )";
          //echo "$sqlRegUser<br/>";
          
        	if( !mysqli_query($con, $sqlRegUser ) )
            {
                include('header.inc');
                echo "You Could Not Register Because Of An Unexpected Error.";
                include('footer.inc');
            }
            
            else
            {
/* Note: When using the header function, you cannot send output to the browser
 * before the header function is called. IF you want to echo a message to the
 * user before going back to your login page then you should use the HTML
 * Meta Refresh tag. */

 //echo "You Are Registered And Can Now Login";
 //echo " $username";  //this is for error checking

   header ('location: login.php');

// if using echo then use meta refresh
/*
 *?>
 *<meta http-equiv="refresh" content="2;url= login.php/">
 *<? 
 */

            }
        mysqli_free_result($result);  
                    
        }	
        else
        {
            include('header.inc');
            echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
            //echo " $username;"  //this is for error checking
            include('footer.inc');
        }
            /* close connection */
            mysqli_close($con);          	        
        }      
    }
else
{
    include('header.inc');
    echo "You Could Not Be Registered Because Of Missing Data.";
    include('footer.inc');
}
?>

and here is my version

<?php

error_reporting(E_ALL);
ini_set('display_errors', '1');

if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] )  && isset( $_POST['address1'] ) && isset( $_POST['address2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) {
     
    if( strlen( $_POST['user'] ) < 5 )
    {
        include('includes/overall/header.php');
        echo "Username Must Be 5 or More Characters.";
        include('includes/overall/footer.php');
    }
    elseif( strlen( $_POST['pass'] ) < 5 )
    {
        include('includes/overall/header.php');
        echo "Password Must Be 5 or More Characters.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['pass'] == $_POST['user'] )
    {
        include('includes/overall/header.php');
        echo "Username And Password Can Not Be The Same.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['pass_again'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Passwords must match";
        include('includes/overall/footer.php');
    }
    
// CREATE  BETTER EMAIL CHECK

  elseif( $_POST['email'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Email must be valid.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['email_again'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Emails must match.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['address_1'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Address cannot be empty";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['address_2'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Address cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['town'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Town cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['county'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "County cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['postcode'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Postcode cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['business'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Business cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['vat_registered'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "VAT Registered cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['vat_number'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "VAT number cannot be empty, please enter N/A if not VAT registered.";
        include('includes/overall/footer.php');
    }
    else
    {
    	
        require( 'database.php' );

        $username = mysqli_real_escape_string($con, $_POST['user']);
        

        //Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
        $password = mysqli_real_escape_string($con, md5( $_POST['pass']));
        $password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again']));
		
        $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
        $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
        
        $email = mysqli_real_escape_string($con, $_POST['email'] );
		$email_again = mysqli_real_escape_string($con, $_POST['email_again']);
		
        $address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
        $address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
        $town = mysqli_real_escape_string($con, $_POST['town']);
        $county = mysqli_real_escape_string($con, $_POST['county']);
        $postcode = mysqli_real_escape_string($con, $_POST['postcode']);
        $business = mysqli_real_escape_string($con, $_POST['business']);
        $vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
        $vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);
                        
        $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
         //echo "$sqlCheckForDuplicate<br/>";

        $result = mysqli_query($con, $sqlCheckForDuplicate);

        if(mysqli_num_rows($result) == 0){
        	
        	//echo "No Duplicates<br/>";
        	
        	$sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
                        '". $username ."',
                        '". $password ."',
                        '". $password_again ."',
                        '". $firstname ."',
                        '". $lastname ."',
                        '". $email ."',
                        '". $email_again ."',
                        '". $address_1 ."',
                        '". $address_2 ."',
                        '". $town ."',
                        '". $county ."',
                        '". $postcode ."',
                        '". $business ."',
                        '". $vat_registered ."',
                        '". $vat_number."'
                        )";
          //echo "$sqlRegUser<br/>";
          
        	if( !mysqli_query($con, $sqlRegUser ) )
            {
                include('includes/overall/header.php');
                echo "You Could Not Register Because Of An Unexpected Error.";
                include('includes/overall/footer.php');
            }
            
            else
            {

   header ('location: login.php');


 

            }
        mysqli_free_result($result);  
                    
        }	
        else
        {
            include('includes/overall/header.php');
            echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
            //echo " $username;"  //this is for error checking
            include('includes/overall/footer.php');
        }
            /* close connection */
            mysqli_close($con);          	        
        }      
    }
else
{
    include('includes/overall/header.php');
    echo "You Could Not Be Registered Because Of Missing Data.";
    include('includes/overall/footer.php');
}

?>

Error reporting is switched on, I just can't see the problem. Any help is much appreciated.

 

address1 has been corrected to address_1, and the same with address_2, but the error still occurs.


The problem is related to the if statement here

if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] )  && isset( $_POST['address_1'] ) && isset( $_POST['address_2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) {

One of the $_POST variables is not set; this is causing the if statement to fail, and so you get the Missing Data message shown.

 

You need to make sure you have spelt the names of your fields correctly both in your HTML code and PHP code. Also make sure all the fields you are checking to see exist actually show up in the output of this line (add it before the line above)

printf('<pre>$_POST %s</pre>', print_r($_POST, true));
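
A variant of the field check suggested in this reply, as an added example that is not part of the thread: it compares field names only, so submitted passwords are never echoed, and it escapes the names before output. The function names and the sample request are constructed for illustration; the sample assumes the form still posts address1/address2 and that vat_registered is a checkbox left unticked, which browsers omit from the request.

```php
<?php
// Added example (not from the thread): report which form fields are missing
// or unexpected by NAME only, so submitted values never reach the page.

// Field names taken from the handler's corrected isset() list.
const EXPECTED_FIELDS = [
    'user', 'pass', 'pass_again', 'firstname', 'lastname', 'email',
    'email_again', 'address_1', 'address_2', 'town', 'county', 'postcode',
    'business', 'vat_registered', 'vat_number',
];

/** Returns ['missing' => [...], 'unexpected' => [...]] for a submitted form. */
function diff_form_fields(array $post, array $expected = EXPECTED_FIELDS): array
{
    // array_keys() yields integers for numeric field names; compare as strings.
    $received = array_map('strval', array_keys($post));
    return [
        'missing'    => array_values(array_diff($expected, $received)),
        'unexpected' => array_values(array_diff($received, $expected)),
    ];
}

/** Renders the diff as HTML. Field names come from the client, so escape them. */
function render_field_report(array $diff): string
{
    $out = '';
    foreach ($diff as $label => $names) {
        $safe = array_map(
            fn(string $n): string => htmlspecialchars($n, ENT_QUOTES, 'UTF-8'),
            $names
        );
        $out .= sprintf("<p>%s: %s</p>\n", $label, $safe ? implode(', ', $safe) : 'none');
    }
    return $out;
}

// Constructed sample request (hypothetical values): the HTML form still uses
// address1/address2, and the vat_registered checkbox was not ticked.
$samplePost = [
    'user' => 'paulw', 'pass' => 'not-shown', 'pass_again' => 'not-shown',
    'firstname' => 'Paul', 'lastname' => 'W', 'email' => 'p@example.com',
    'email_again' => 'p@example.com', 'address1' => '1 High St',
    'address2' => 'Flat 2', 'town' => 'Leeds', 'county' => 'Yorkshire',
    'postcode' => 'LS1 1AA', 'business' => 'Example Ltd', 'vat_number' => 'N/A',
];

echo render_field_report(diff_form_fields($samplePost));
// In the real handler: echo render_field_report(diff_form_fields($_POST));
```

Remove the report, and turn display_errors off, once the form works.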

the particular message occurs when your massive isset(...) && isset(...) statement is false.

 

the purpose of that statement is (should be) to test if a form was submitted. it doesn't need to test if every field is set, because all text/password/textarea fields will be set.

 

so, just test if one field isset(), such as a hidden field that identifies that your registration form was submitted, which is what the $_POST['reg'] appears to be for.

 

next, DRY (Don't Repeat Yourself.) You have a ton of code repeating the inclusion of the header/footer files. You should only have those ONCE.

 

lastly, you should validate all the inputs at once and output all the errors at once so that the visitor doesn't need to repeatedly submit the form to find out each error in turn. your elseif() logic validating different fields should be completely separate conditional tests.

 

to accomplish validating all the inputs at once, you would make an array to hold the error messages and then simply test if the array is empty at the end of all the validation. if it is empty, no errors. if it is not empty, loop over the elements in the array and echo them to display the error messages.
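
The approach this reply describes, written out as an added example (not code from the thread or its posters). It goes beyond the reply by storing the row with a prepared statement and password_hash() instead of md5() and string-built SQL; the hidden 'reg' marker field, a UNIQUE index on user.username, a password column of at least VARCHAR(255), and not storing password_again/email_again are assumptions.

```php
<?php
// Added example, not code from the thread. Field and column names follow the
// poster's script; see the lead-in for what is assumed.

const TEXT_FIELDS = ['user', 'firstname', 'lastname', 'email', 'email_again',
    'address_1', 'address_2', 'town', 'county', 'postcode', 'business',
    'vat_registered', 'vat_number'];

/** Normalise input: missing or non-string fields become '', text is trimmed. */
function clean_input(array $post): array
{
    $v = [];
    foreach (array_merge(TEXT_FIELDS, ['pass', 'pass_again']) as $f) {
        $v[$f] = (isset($post[$f]) && is_string($post[$f])) ? $post[$f] : '';
    }
    foreach (TEXT_FIELDS as $f) {
        $v[$f] = trim($v[$f]);   // passwords are deliberately left untrimmed
    }
    return $v;
}

/** Run every check and collect all messages instead of stopping at the first. */
function validate_registration(array $v): array
{
    $errors = [];
    if (strlen($v['user']) < 5) {
        $errors[] = 'Username Must Be 5 or More Characters.';
    }
    if (strlen($v['pass']) < 5) {
        $errors[] = 'Password Must Be 5 or More Characters.';
    }
    if ($v['pass'] !== '' && $v['pass'] === $v['user']) {
        $errors[] = 'Username And Password Can Not Be The Same.';
    }
    if ($v['pass'] !== $v['pass_again']) {
        $errors[] = 'Passwords must match';
    }
    if (filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email must be valid.';
    }
    if ($v['email'] !== $v['email_again']) {
        $errors[] = 'Emails must match.';
    }
    $required = [
        'address_1' => 'Address cannot be empty',
        'address_2' => 'Address cannot be empty',
        'town' => 'Town cannot be empty',
        'county' => 'County cannot be empty',
        'postcode' => 'Postcode cannot be empty',
        'business' => 'Business cannot be empty',
        'vat_registered' => 'VAT Registered cannot be empty',
        'vat_number' => 'VAT number cannot be empty, please enter N/A if not VAT registered.',
    ];
    foreach ($required as $field => $message) {
        if ($v[$field] === '') {
            $errors[] = $message;
        }
    }
    return array_values(array_unique($errors));
}

/** Insert the user; returns false when the username is already taken. */
function register_user(mysqli $con, array $v): bool
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
    $row = ['username' => $v['user'],
            'password' => password_hash($v['pass'], PASSWORD_DEFAULT)];
    foreach (array_slice(TEXT_FIELDS, 1) as $f) {      // skip 'user', mapped above
        if ($f !== 'email_again') {
            $row[$f] = $v[$f];
        }
    }
    // Column names come from the constant list above, never from the request.
    $sql = sprintf('INSERT INTO `user` (%s) VALUES (%s)',
        implode(', ', array_keys($row)),
        implode(', ', array_fill(0, count($row), '?')));
    $params = array_values($row);
    $stmt = mysqli_prepare($con, $sql);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    try {
        mysqli_stmt_execute($stmt);
        return true;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {   // MySQL ER_DUP_ENTRY: UNIQUE index hit
            return false;
        }
        throw $e;
    }
}

// Constructed sample submission with several problems at once.
$sample = ['reg' => '1', 'user' => 'bob', 'pass' => 'bob', 'pass_again' => 'bobb',
           'email' => 'bob@', 'email_again' => 'bob@example.com', 'town' => ' '];
if (isset($sample['reg'])) {            // one marker field tells us the form was sent
    foreach (validate_registration(clean_input($sample)) as $message) {
        echo $message, PHP_EOL;
    }
}
```

In the real handler, pass $_POST instead of $sample, call register_user() only when the error list is empty, and include the header and footer once around the output.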


It's OK, I found a solution; it seems it didn't like too many && isset

 

I changed it to this and it works great

<?php

error_reporting(E_ALL);
ini_set('display_errors', '1');

// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/

if	(isset($_POST['user'], $_POST['pass'], $_POST['pass_again'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['email_again'], $_POST['address_1'], $_POST['address_2'], $_POST['town'], $_POST['county'], $_POST['postcode'], $_POST['business'], $_POST['vat_registered'], $_POST['vat_number'] ) ) {
    // echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
     
    if( strlen( $_POST['user'] ) < 5 )
    {
        include('includes/overall/header.php');
        echo "Username Must Be 5 or More Characters.";
        include('includes/overall/footer.php');
    }
    elseif( strlen( $_POST['pass'] ) < 5 )
    {
        include('includes/overall/header.php');
        echo "Password Must Be 5 or More Characters.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['pass'] == $_POST['user'] )
    {
        include('includes/overall/header.php');
        echo "Username And Password Can Not Be The Same.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['pass_again'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Passwords must match";
        include('includes/overall/footer.php');
    }
    
// CREATE  BETTER EMAIL CHECK

  elseif( $_POST['email'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Email must be valid.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['email_again'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Emails must match.";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['address_1'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Address cannot be empty";
        include('includes/overall/footer.php');
    }
    elseif( $_POST['address_2'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Address cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['town'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Town cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['county'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "County cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['postcode'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Postcode cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['business'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "Business cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['vat_registered'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "VAT Registered cannot be empty";
        include('includes/overall/footer.php');
    }
     elseif( $_POST['vat_number'] == "" )
    {
        
        include('includes/overall/header.php');
        echo "VAT number cannot be empty, please enter N/A if not VAT registered.";
        include('includes/overall/footer.php');
    }
    else
    {
    	
        require( 'database.php' );

        $username = mysqli_real_escape_string($con, $_POST['user']);

        //Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
        $password = mysqli_real_escape_string($con, md5( $_POST['pass']));

        $password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again']));
		
        $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
        $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
        
        $email = mysqli_real_escape_string($con, $_POST['email'] );
		$email_again = mysqli_real_escape_string($con, $_POST['email_again']);
		
        $address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
        $address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
        $town = mysqli_real_escape_string($con, $_POST['town']);
        $county = mysqli_real_escape_string($con, $_POST['county']);
        $postcode = mysqli_real_escape_string($con, $_POST['postcode']);
        $business = mysqli_real_escape_string($con, $_POST['business']);
        $vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
        $vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);
                        
        $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
         //echo "$sqlCheckForDuplicate<br/>";

        $result = mysqli_query($con, $sqlCheckForDuplicate);

        if(mysqli_num_rows($result) == 0){
        	
        	//echo "No Duplicates<br/>";
        	
        	$sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
                        '". $username ."',
                        '". $password ."',
                        '". $password_again ."',
                        '". $firstname ."',
                        '". $lastname ."',
                        '". $email ."',
                        '". $email_again ."',
                        '". $address_1 ."',
                        '". $address_2 ."',
                        '". $town ."',
                        '". $county ."',
                        '". $postcode ."',
                        '". $business ."',
                        '". $vat_registered ."',
                        '". $vat_number."'
                        )";
          //echo "$sqlRegUser<br/>";
          
        	if( !mysqli_query($con, $sqlRegUser ) )
            {
                include('includes/overall/header.php');
                echo "You Could Not Register Because Of An Unexpected Error.";
                include('includes/overall/footer.php');
            }
            
            else
            {
/* Note: When using the header function, you cannot send output to the browser
 * before the header function is called. IF you want to echo a message to the
 * user before going back to your login page then you should use the HTML
 * Meta Refresh tag. */

 //echo "You Are Registered And Can Now Login";
 //echo " $username";  //this is for error checking

   header ('location: login.php');

// if using echo then use meta refresh
/*
 *?>
 *<meta http-equiv="refresh" content="2;url= login.php/">
 *<? 
 */

            }
        mysqli_free_result($result);  
                    
        }	
        else
        {
            include('includes/overall/header.php');
            echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
            //echo " $username;"  //this is for error checking
            include('includes/overall/footer.php');
        }
            /* close connection */
            mysqli_close($con);          	        
        }      
}  
else
{
    include('includes/overall/header.php');
    echo "You Could Not Be Registered Because Of Missing Data.";
    include('includes/overall/footer.php');
}

?>


Here is your script cleaned up a mite, and taking into account all of the above suggestions.

UN-TESTED

 

<?php
 
error_reporting(E_ALL);
ini_set('display_errors', '1');
 
// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/
/////////////////////////////FAILURE TO TRIM VALUES MAY RESULT IN UN-DESIRED EXECUTION/////////////////////////////
$errors = array();
//if a post has been sent to the page:
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    // echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
 
//check if either user or pass is empty:
if(!empty($_POST['user']) && !empty($_POST['pass'])) {
if(strlen( $_POST['user'] ) < 5 ) {        //now we check for length
$errors[] = "Username Must Be 5 or More Characters.";     
}
if( strlen( $_POST['pass'] ) < 5 )  {       //now we check for length
$errors[] = "Password Must Be 5 or More Characters.";     
}
if($_POST['pass'] == $_POST['user'] ) {    //see if they match
$errors[] = "Username And Password Can Not Be The Same."; 
}
//now make sure pass_again isn't empty, and that the two match.
if(empty($_POST['pass_again']) || $_POST['pass'] !== $_POST['pass_again'] ) { 
$errors[] = "Passwords must match";
}
    } else { //if the user or pass is empty, we catch it here, bypassing the now needless checks.
$errors[] = 'You must provide both a username, and a password.';
}
// CREATE  BETTER EMAIL CHECK
//checking to make sure both emails are populated.
if(!empty($_POST['email_again']) && !empty($_POST['email'])) {
if(!preg_match('~^.+@[^\.].*\.[a-z]{2,}$~',$_POST['email'])) { //check to make sure it is somewhat valid expression.
$errors[] = "Email must be valid."; 
}
if($_POST['email_again'] !== $_POST['email'] ) { //and that they are both the same.
$errors[] = "Emails must match.";
}
} else { //we catch them here, if either is empty.
$errors[] = 'You must provide an email address.';
}
//From here on, we are just checking empty values.
    if(empty($_POST['address_1'])) {  
        $errors[] = "Address cannot be empty";    
    }
    if(empty($_POST['address_2'])) {
        $errors[] = "Address cannot be empty"; 
    }
    if(empty($_POST['town'])) {
        $errors[] = "Town cannot be empty";  
    }
    if(empty($_POST['county'])) {
        $errors[] = "County cannot be empty";   
    }
     if(empty($_POST['postcode'])) {  
        $errors[] = "Postcode cannot be empty";
     }
    if(empty($_POST['business'])) {
        $errors[] = "Business cannot be empty";
    }
    if(empty($_POST['vat_registered'])) {       
        $errors[] = "VAT Registered cannot be empty";       
    }
     if(empty($_POST['vat_number'])) {
        $errors[] = "VAT number cannot be empty, please enter N/A if not VAT registered.";
    }
    //if errors is empty, then we are good to go on, otherwise we skip all the way to the bottom.
    if(empty($errors)) {
require( 'database.php' ); 
//echo "$sqlCheckForDuplicate<br/>";
$username = mysqli_real_escape_string($con, $_POST['user']);
        $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
        $result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) > 0) {  //if there is a duplicate, we log it into errors, which is empty.
$errors[] = "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
            //echo " $username;"  //this is for error checking
} else { //We only add data to the database when we are sure that everything is error free.
        //Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
        //note(***You should encrypt better than md5(), use the crypt() function, or password_hash().
        $password = mysqli_real_escape_string($con, md5( $_POST['pass']));
        $password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again'])); 
        $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
        $lastname = mysqli_real_escape_string($con, $_POST['lastname']);        
        $email = mysqli_real_escape_string($con, $_POST['email'] );
        $email_again = mysqli_real_escape_string($con, $_POST['email_again']); 
        $address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
        $address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
        $town = mysqli_real_escape_string($con, $_POST['town']);
        $county = mysqli_real_escape_string($con, $_POST['county']);
        $postcode = mysqli_real_escape_string($con, $_POST['postcode']);
        $business = mysqli_real_escape_string($con, $_POST['business']);
        $vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
        $vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);        
         //echo "No Duplicates<br/>";         
        $sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
                        '". $username ."',
                        '". $password ."',
                        '". $password_again ."',
                        '". $firstname ."',
                        '". $lastname ."',
                        '". $email ."',
                        '". $email_again ."',
                        '". $address_1 ."',
                        '". $address_2 ."',
                        '". $town ."',
                        '". $county ."',
                        '". $postcode ."',
                        '". $business ."',
                        '". $vat_registered ."',
                        '". $vat_number."'
                        )";
          //echo "$sqlRegUser<br/>";
         if( !mysqli_query($con, $sqlRegUser ) )  { //if for some reason the query fails after all of this, we catch it at the bottom.
           $errors[] = "You Could Not Register Because Of An Unexpected Error.";
        }  else  {
/* Note: When using the header function, you cannot send output to the browser
* before the header function is called. IF you want to echo a message to the
* user before going back to your login page then you should use the HTML
* Meta Refresh tag. */
 
//echo "You Are Registered And Can Now Login";
//echo " $username";  //this is for error checking
 
  header ('location: login.php'); //if query succeeds, then we re-direct: (NOTE, this should be a fully qualified URI).
  //always include an exit() function after a header(), this will end script execution:
  exit();
 
// if using echo then use meta refresh
/*
*?>
*<meta http-equiv="refresh" content="2;url= login.php/">
*<? 
*/
 
//result is always freed on exit of script, this line will never run. 
        mysqli_free_result($result);  
                    
        } 
 
}  
} //closes if(empty($errors))
//if you have gotten this far, there are only two cases:
//1. you have errors:
//2. registration query failed.
    include('includes/overall/header.php');
    foreach($errors as $value) { //print all errors to page:
echo $value . "<br />\n";
}
    include('includes/overall/footer.php');
}
 
?>

I'm gonna cry, the last version I posted worked yesterday, and now I'm getting the message

 

You Could Not Register Because Of An Unexpected Error.

 

From reading through the checks this seems to be because of

if( !mysqli_query($con, $sqlRegUser ) )
            {
                include('includes/overall/header.php');
                echo "You Could Not Register Because Of An Unexpected Error.";
                include('includes/overall/footer.php');
            }
            

 

But I can't figure out what the unexpected error is :(

 

Any ideas?

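Added example, not code from any poster in this thread: the INSERT from the scripts above written as a mysqli prepared statement with `password_hash()` in place of `md5()`, and with the real database error written to the server log so an "Unexpected Error" like the one in the last post can be diagnosed. The function name `register_user`, the UNIQUE index on `user.username` (which also closes the gap between the duplicate SELECT and the INSERT), the password column width, and dropping the `password_again` / `email_again` columns are assumptions, not details the thread gives.

```php
<?php
// Added example, not code from the thread. Assumptions: $con is the mysqli
// connection created by database.php; user.username has a UNIQUE index; the
// password column holds at least 60 characters (255 recommended); and the
// password_again / email_again columns are dropped or nullable.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function register_user(mysqli $con, array $in): array
{
    // Treat anything that is not a string (e.g. user[]=x) as empty.
    $str = fn($k) => is_string($in[$k] ?? null) ? $in[$k] : '';
    // Column names are fixed here and never come from the request.
    $fields = ['firstname', 'lastname', 'email', 'address_1', 'address_2', 'town',
               'county', 'postcode', 'business', 'vat_registered', 'vat_number'];
    $cols   = array_merge(['username', 'password'], $fields);
    $values = [
        trim($str('user')),
        // Salted, slow hash instead of md5(); verify it with password_verify().
        password_hash($str('pass'), PASSWORD_DEFAULT),
    ];
    foreach ($fields as $f) {
        $values[] = trim($str($f));
    }
    $sql = 'INSERT INTO user (' . implode(', ', $cols) . ') VALUES ('
         . implode(', ', array_fill(0, count($cols), '?')) . ')';
    try {
        // Values travel separately from the SQL text, so no escaping is needed.
        $stmt = $con->prepare($sql);
        $stmt->bind_param(str_repeat('s', count($values)), ...$values);
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // ER_DUP_ENTRY: the UNIQUE index fired
            return ['The Username You Have Chosen Is Already Being Used By Another User.'];
        }
        // The real cause goes to the server log, never to the browser.
        error_log('register_user failed [' . $e->getCode() . ']: ' . $e->getMessage());
        return ['You Could Not Register Because Of An Unexpected Error.'];
    }
    return [];
}

// Usage, once the validation checks have produced no errors:
// require 'database.php';
// $errors = register_user($con, $_POST);
// if (!$errors) { header('Location: login.php'); exit; }
```

Hashes produced by `password_hash()` cannot be compared with `md5()` output, so the login script has to check passwords with `password_verify()`.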
