I am trying to do a simple insert for a user sign up. I am using the following PHP code for this.

<?php
require 'connect.php';
require 'variables.php';

// Set variables
$tbl_name = 'users';
$username = $_POST['username'];
$password = $_POST['password'];
$checkpw = $_POST['checkpw'];
$email = $_POST['email'];
$dob = $_POST['dob'];

$username = stripslashes($username);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = stripslashes($password);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$checkpw = stripslashes($checkpw);
$checkpw = mysqli_real_escape_string($conn, $_POST['checkpw']);

function mempty()
{
foreach(func_get_args() as $arg)
    if(!empty($arg)) {
        continue;
    }
    else {
        header('location:register.php?msg=failed');
    }

}
// Check if variables are empty.
mempty($username);
mempty($password);
mempty($checkpw);
mempty($dob);

if (strcmp ($password, $checkpw) == 0) {
    $sql="INSERT INTO $tbl_name (username,password,email,dob) VALUES ($username,$password,$email,$dob)";
    if (mysqli_query($conn, $sql)) {
        echo "Registered Successfully!";
    }
}
?>

The $_POST comes from an HTML form, where I don't believe the problem exists, but I'll show you it anyway just in case.

<form method="post" action="initsec.php">
<p class="reg">Username:</p>
<input name="username" type="text" placeholder="Username" id="username"><br />
<?php if(isset($_GET['msg']) && $_GET['msg'] == 'pws') { echo "Passwords do not match!<br />"; } ?>
<p class="reg">Password:</p>
<input name="password" type="password" placeholder="Password" id="password"><br />
<p>Confirm Password:</p>
<input type="password" name="checkpw" id="checkpw" placeholder="Re-enter Password"><br />
<p>Email Address:</p>
<input type="text" name="email" id="email" placeholder="Email Address"><br />
<p>Date of Birth:</p>
<input type="date" name="dob" id="dob"><br />
<input name="register" type="submit" value="Register" class="register">
</form>

The problem is that the record is not being inserted.

  • What is the problem? Commented Mar 17, 2015 at 16:26
  • 5
    ($username,$password,$email,$dob) quote those. mysqli_error($conn) would have signaled the syntax error. Commented Mar 17, 2015 at 16:27
  • @kingkero The problem is that the record is not being inserted into the database. Commented Mar 17, 2015 at 16:28
  • 3
    @ThomasYamakaitis: You should add a disclaimer to your form which tells your users that you are harvesting their passwords in plain text. Commented Mar 17, 2015 at 16:30
  • 1
    Alternatively scrap it and use a prepared statement with bound parameters/values instead of interpolating variables into an SQL query string. Commented Mar 17, 2015 at 16:36

1 Answer

2

A couple of issues. I think your main one is your SQL statement:

"INSERT INTO $tbl_name (username,password,email,dob) 
VALUES ($username,$password,$email,$dob)"

The string values probably will need to be quoted (as noted by @Fred -ii- in the comments):

"INSERT INTO $tbl_name (username,password,email,dob) 
VALUES ('$username','$password','$email','$dob')"

I also don't think this function is going to work as you expect it to:

function mempty()
{
    foreach(func_get_args() as $arg) {
        if(!empty($arg)) {
            continue;
        } else {
            header('location:register.php?msg=failed');
        }
    }
}

I added curly braces around the foreach; I suggest you do the same for easier readability. Also, if you do not explicitly exit after issuing a header() redirect, the script will continue (causing all of your failures to also attempt to be inserted into the database), so I would also suggest you do that. Since you're continuing in the loop, you can omit the else altogether for brevity:

function mempty()
{
    foreach(func_get_args() as $arg) {
        if(!empty($arg)) {
            continue;
        } 

        header('location:register.php?msg=failed');
        exit();
    }
}

Since you're using func_get_args in the function, you can pass in any number of arguments, reducing the number of function calls you're making:

mempty($username, $password, $checkpw, $dob);
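
The comments on the question suggest a prepared statement with bound parameters and point out that the password is stored in plain text. The following is an added example of the same sign-up handler written that way; it is not code from the question or the answer. It assumes connect.php sets $conn as in the question, that the table is users with the four columns shown, and that the password column is wide enough for a hash; the fail() helper is hypothetical.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumes connect.php (from the question) sets $conn to a mysqli connection
// and that users.password is wide enough for a hash (e.g. VARCHAR(255)).
require 'connect.php';

// Make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: redirect to the form and stop, so nothing after it runs.
function fail(string $msg): void
{
    header('Location: register.php?msg=' . urlencode($msg));
    exit();
}

// Read the fields as raw strings; no stripslashes/escaping is needed
// because the values are bound as parameters, never spliced into the SQL.
$fields = [];
foreach (['username', 'password', 'checkpw', 'email', 'dob'] as $name) {
    $value = $_POST[$name] ?? '';
    if (!is_string($value) || $value === '') {
        fail('failed');
    }
    $fields[$name] = $value;
}
if ($fields['password'] !== $fields['checkpw']) {
    fail('pws');   // same msg value the form in the question checks for
}
if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
    fail('failed');
}
// <input type="date"> submits YYYY-MM-DD; reject anything that does not round-trip.
$dob = DateTime::createFromFormat('Y-m-d', $fields['dob']);
if ($dob === false || $dob->format('Y-m-d') !== $fields['dob']) {
    fail('failed');
}

// Store a salted hash, never the password itself.
$hash = password_hash($fields['password'], PASSWORD_DEFAULT);

// The table name is a fixed literal; only the values are bound.
$stmt = mysqli_prepare(
    $conn,
    'INSERT INTO users (username, password, email, dob) VALUES (?, ?, ?, ?)'
);
mysqli_stmt_bind_param($stmt, 'ssss', $fields['username'], $hash, $fields['email'], $fields['dob']);
mysqli_stmt_execute($stmt);
echo 'Registered Successfully!';
```

At login, the stored hash is checked with password_verify() rather than by comparing strings.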