My code is below:

<?php

require("db.php");

if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])){

    //prevent SQL injections
    $username = mysql_real_escape_string($_POST['username']);
    $email = mysql_real_escape_string($_POST['email']);

    //get MD5 hash of password
    $password = md5($_POST['password']);

    //check to see if username exists
    $sql = mysql_query("SELECT Username FROM Users WHERE Username = '".$username."'");

    if(mysql_num_rows($sql)>0){
        die ("Username taken. Please pick a different Username");
    }

    mysql_query("INSERT INTO Users (Username, Password, Email, UserType)
                VALUES ('$username','$password','$email','3')") 
        or die (mysql_error()); 

    echo "Account Created.";
}    
?>

<html>
    <form action="register.php" method="post">
        Username: <input name="username" ID="username" type="text"/><br>
        Password: <input name"password" id="password" type="password"/><br>
        Email: <input name="email" id="email" type="text" /><br>
        <input type = "submit" value = "Submit"/>

    </form>

</html>

I'm unsure as to why my users aren't being created. I've tried researching for the last few hours, but I'm not sure why this is erroring... it looks right to me...

If anyone could be of any help, that would be great. Thanks.

EDIT:

<?php

session_start();

$host="<myDBHost>"; // Host name 
$localusername="<myDBusername>";
$localpassword="<myDBpassword";
$database_name="<mydbName>";

mysql_connect("$host", "$localusername", "$localpassword")
    or die("An error occured while establishing a connection to the DB.");
mysql_select_db($database_name);

1 Answer

See how you set the use of a variable here:

"SELECT Username FROM Users WHERE Username = '".$username."'"

You need to always do this throughout your script:

"INSERT INTO Users (Username, Password, Email, UserType)
            VALUES ('".$username."','".$password."','".$email."','3')"

There are other ways to do this, but just choose one and stick with it.

And as I stated above:

Do not use md5() on passwords. You should use a salt and hashing algorithm. And please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Okay this is a frame based off of your code that will help you get started in the right direction with mysqli. Remember you still need to always validate user input and also hash and salt the password. There are also better ways to display your errors. I did them this way to help you debug your script.

<?php
session_start();
define("DB_HOST", "your host");
define("DB_USERNAME", "your username");
define("DB_PASSWORD", "your password");
define("DB_NAME", "database name");

if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
    {
    $Mysqli = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);
        if ($Mysqli->connect_errno)
            {
                //stop here: nothing below can work without a connection
                die ("Failed to connect to MySQL: (" . $Mysqli->connect_errno . ") " . $Mysqli->connect_error);
            }
    //the prepared statements below prevent SQL injection; you should still validate these with form validation functions
    $username = $_POST['username'];
    //filter_var() returns false when the address is not valid
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if($email === false)
        {
            die ("Please enter a valid email address");
        }
    //get MD5 hash of password - this should be hashed and salted
    $password = md5($_POST['password']);
    //bind_param() takes its arguments by reference, so the user type must be a variable, not a literal
    $usertype = 3;
    //first query check if user name exist
    $query = "SELECT Username FROM Users WHERE Username = ?";

    //prepare() returns false on failure, so the error details come from the connection object
    if(!$stmt = $Mysqli->prepare($query))
          {
             die ("Failed to Prepare Query: (" . $Mysqli->errno . ") " . $Mysqli->error);
          }
    if(!$stmt->bind_param("s",$username))
          {
             die ("Failed to bind Query: (" . $stmt->errno . ") " . $stmt->error);
          }
    if($stmt->execute())
         {
            $stmt->store_result();
            if($stmt->num_rows>0)
                {
                    die ("Username taken. Please pick a different Username");
                }
            $stmt->free_result();
            $stmt->close();
        }
        else
            {
                die ("Failed to execute Query: (" . $stmt->errno . ") " . $stmt->error);
            }
    //second query put user in database
    $query = "INSERT INTO Users (Username, Password, Email, UserType) VALUES (?,?,?,?)";

    if(!$stmt = $Mysqli->prepare($query))
          {
             die ("Failed to Prepare Query: (" . $Mysqli->errno . ") " . $Mysqli->error);
          }
    if(!$stmt->bind_param("sssi",$username,$password,$email,$usertype))
          {
             die ("Failed to bind Query: (" . $stmt->errno . ") " . $stmt->error);
          }
    if($stmt->execute())
         {
            echo "Account Created.";
            $stmt->close();
        }
        else
            {
                echo "Could not create account at this time.";
            }
    }
    else
        {
?>

<html>
    <form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
        Username: <input name="username" id="username" type="text"/><br>
        Password: <input name="password" id="password" type="password"/><br>
        Email: <input name="email" id="email" type="text" /><br>
        <input type = "submit" value = "Submit"/>

    </form>

</html>

<?php
}
?>
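
The answer says the password should be salted and hashed rather than passed through md5(); the following is an added example, not part of the original answer, showing that step together with the prepared-statement insert. It assumes PHP 5.5 or later, a UNIQUE index on Users.Username and a Password column of VARCHAR(255); the function names register_user and check_login are hypothetical.

```php
<?php
// Added example, not the answerer's code. Assumes PHP 5.5+ (password_hash),
// a UNIQUE index on Users.Username, and a Password column of VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on failure

const ER_DUP_ENTRY = 1062; // MySQL error number for a unique-key violation

function register_user(mysqli $db, $username, $password, $email)
{
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($username === '' || $password === '' || $email === false) {
        return 'invalid input';
    }

    // Random per-password salt; the algorithm, cost and salt are stored in the hash string
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $userType = 3; // bind_param() takes variables by reference, not literals

    $stmt = $db->prepare(
        'INSERT INTO Users (Username, Password, Email, UserType) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('sssi', $username, $hash, $email, $userType);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === ER_DUP_ENTRY) {
            return 'username taken'; // the unique index rejected the row, no separate SELECT needed
        }
        throw $e; // log server-side; do not echo database errors to the client
    } finally {
        $stmt->close();
    }
    return 'created';
}

function check_login(mysqli $db, $username, $password)
{
    $stmt = $db->prepare('SELECT Password FROM Users WHERE Username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    // password_verify() re-derives the hash using the salt embedded in $hash
    return $found === true && password_verify($password, $hash);
}
```

Letting the unique index reject duplicates closes the window between the "does this username exist" SELECT and the INSERT, where two simultaneous requests could both pass the check.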

6 Comments

You are welcome, hope it helps, and here is a link to Hashing Passwords
Oops, unable to edit: I didn't notice that mysql_* functions were deprecated (I just started using PHP today). Do you know why my code, even though I have tried your suggestion multiple times (in pure frustration) still doesn't work?
No errors I can see. I've even tried adding an echo after the query to see if I can get ANYTHING, but after I hit "submit" it literally does nothing but reset everything to default.
Make sure your connection to MySQL is there. How are you connecting in db.php?
I have edited my above post to include the connection portion of my db.php. Thanks for looking.