ianhaney50 Posted July 10, 2015 Share Posted July 10, 2015 Hi I am building a sign up form with image upload as I do know is better to store the images on the server within a folder and just store the image filepath within the database so that's what I have done and seems to be working and not at the same time I created a user and it has registered successfully with all the data and has stored the image itself in the uploads folder on the server and in the database it has stored the image filepath but am getting the following errors on the register.php page Notice: Undefined variable: error in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/register.php on line 25 Form has been submitted successfully. Notice: Undefined index: uploadedfile in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/register.php on line 84 The file has been uploaded, and your information has been added to the directory MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username' The coding is below <?php if (isset($_POST['submit']) && $error == '') { // if there is no error, then process further echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success message ## connect mysql server $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } //This is the directory where images will be saved $target = "uploads/"; $target = $target . basename( $_FILES['photo']['name']); ## query database # prepare data for insertion $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = md5($_POST['password']); $companyname = mysqli_real_escape_string($mysqli, $_POST['companyname']); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $address1 = mysqli_real_escape_string($mysqli, $_POST['address1']); $address2 = mysqli_real_escape_string($mysqli, $_POST['address2']); $town = mysqli_real_escape_string($mysqli, $_POST['town']); $county = mysqli_real_escape_string($mysqli, $_POST['county']); $postcode = mysqli_real_escape_string($mysqli, $_POST['postcode']); $telnumber = mysqli_real_escape_string($mysqli, $_POST['telnumber']); $category = mysqli_real_escape_string($mysqli, $_POST['category']); $pic = ($_FILES['photo']['name']); # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $exists = ""; $result = $mysqli->query("SELECT username from users WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "u"; } $result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "e"; } if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>"; else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>"; else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT INTO `users` (`id`, `username`, `password`, `companyname`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `category`, `photo`) VALUES (NULL, '{$username}', '{$password}', '{$companyname}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$category}', '{$pic}')"; //Writes the photo to the server if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } $result = $mysqli->query($sql); if ($mysqli->query($sql)) { $to = $_POST['email']; $subject = "Add Listing Confirmation and Login Credentials"; $message = "Thank you for signing up and adding your listing, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}"; $header = "From:noreply@domain.co.uk \r\n"; $retval = mail ($to,$subject,$message,$header); if( $retval == true ) { echo "Message sent successfully..."; } else { echo "Message could not be sent..."; } redirect_to("login.php?msg=Registered successfully"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } } ?> <div id="column-whole"> <!-- The HTML registration form --> <form method="post" action="<?=$_SERVER['PHP_SELF']?>" enctype="multipart/form-data"> <label>Username:</label> <input type="text" name="username" required="required" placeholder="Please Enter your chosen username"/> <br /> <label>Password:</label> <input type="password" name="password" required="required" placeholder="Please Enter your chosen password"/> <br /> <label>Company Name:</label> <input type="text" name="companyname" required="required" placeholder="Please Enter your company name"> <br /> <label>Email:</label> <input type="email" name="email" required="required" placeholder="Please Enter your email"/> <br /> <label>Address Line 1:</label> <input type="text" name="address1" required="required" placeholder="Please Enter the first line of your address"/> <br /> <label>Address Line 2:</label> <input type="text" name="address2" required="required" placeholder="Please Enter the second line of your address"/> <br /> <label>Town:</label> <input type="text" name="town" required="required" placeholder="Please Enter your town"/> <br /> <label>County:</label> <input type="text" name="county" required="required" placeholder="Please Enter your county"/> <br /> <label>Postcode:</label> <input type="text" name="postcode" required="required" placeholder="Please Enter your postcode"/> <br /> <label>Telephone Number:</label> <input type="text" name="telnumber" required="required" placeholder="Please Enter your landline number"/> <br /> <label>Category:</label> <input type="text" name="category" required="required" placeholder="Please Enter your chosen category"/> <br><br> <label>Upload Image: </label> <input type="hidden" name="size" value="350000"> <input type="file" name="photo"> <br /><br /> <div class="box"> <label>I agree to the <a href="#" target="_blank">terms</a></label> </div> <input type="checkbox" class="checkbox" id="the-terms" value="I Agree"> <input type="submit" name="submit" value="Register" disabled="disabled" id="submitBtn" /> <a class="haveaccount" href="login.php">I already have an account...</a> </form> Am confused about the errors as does seem to be working sort of Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/ Share on other sites More sharing options...
maxxd Posted July 10, 2015 Share Posted July 10, 2015 At the top of your script, you're checking the value of $error before you've created the variable. use isset() instead. And further down in the script you switch from $_FILES['photo'] to $_FILES['uploadedfile'], which apparently doesn't exist. Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516070 Share on other sites More sharing options...
ianhaney50 Posted July 10, 2015 Author Share Posted July 10, 2015 Ahh cool, thank you so much, have corrected them issues now and works perfect and only got one little one now on the php page it comes up with the following Form has been submitted successfully. The file new-logo.jpg has been uploaded, and your information has been added to the directory MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username' <---- NOT SURE WHAT IS CAUSING THIS ERROR Also after submitting the form it should redirect to login.php with the following url redirect_to("login.php?msg=Registered successfully"); but is just staying on register.php page with the message I pasted above with the MySQL error no 1062 Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516072 Share on other sites More sharing options...
maxxd Posted July 10, 2015 Share Posted July 10, 2015 Sounds like you've got a unique constraint (or index) on the username column of your table. What's redirect_to()? That's not a php function. Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516073 Share on other sites More sharing options...
ianhaney50 Posted July 10, 2015 Author Share Posted July 10, 2015 how can I fix the issue on the username within the database? ahh should I use header location instead, is that it? was trying to remember off top of my head Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516074 Share on other sites More sharing options...
maxxd Posted July 10, 2015 Share Posted July 10, 2015 As long as you want unique usernames, the system is actually functioning as it should. While you're testing, either make up a new username for each manual test, or delete the inserted row after each manual test. And yes, header('location:login.php?msg=Registered_successfully'); is what you want (note that I removed the space in the value of msg). Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516075 Share on other sites More sharing options...
ianhaney50 Posted July 10, 2015 Author Share Posted July 10, 2015 I have put the coding in for the header location just above and its still not redirecting and yeah I am deleting the inserted row and then signing up again but still getting the following on the php page Form has been submitted successfully. The file new-logo.jpg has been uploaded, and your information has been added to the directory MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username' Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516078 Share on other sites More sharing options...
ianhaney50 Posted July 10, 2015 Author Share Posted July 10, 2015 sorted it, in the database under indexes, username and email was set to UNIQUE so just changed it to INDEX and now works perfect and adds the data to the database and the image location is uploaded on the database and the actual image is added into the folder on the server and redirects to the login.php?msg=Registered Successfully now so all is good Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516079 Share on other sites More sharing options...
ianhaney50 Posted July 10, 2015 Author Share Posted July 10, 2015 ahh maybe not, the record is duplicating in the database Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516080 Share on other sites More sharing options...
ianhaney50 Posted July 10, 2015 Author Share Posted July 10, 2015 sorry sussed it, I had the querie being executed twice within the coding so took one out and is working perfect now and is not duplicating anymore in the database Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516081 Share on other sites More sharing options...
maxxd Posted July 10, 2015 Share Posted July 10, 2015 That would also explain why you were getting the duplicate entry error. Glad you got it fixed. Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516083 Share on other sites More sharing options...
fastsol Posted July 10, 2015 Share Posted July 10, 2015 You're not doing any kind of validation on the uploaded file, that is a very very bad idea. At this point, anyone could upload literally any file they wanted and make it run on your server. So a php file with malicious code, anything!! Quote Link to comment https://forums.phpfreaks.com/topic/297253-php-signup-form-with-image-upload/#findComment-1516088 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.