0

On my site I have a registration form. Users only need to enter an Email, Password and re enter their password.

However, even when I have filled in all of the fields, I still get an error echoed saying I haven't filled in the forms. I don't understand what I have done wrong (relatively new to PHP)

Please note I have not tried to sanitize user inputs, therefore I know my code will be vulnerable to SQL Injections!!!

<?php
include("database.php");
include("requirements.php");

if(isset($_POST['register'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$confpassword = $_POST['confpassword'];
}

if(isset($password) && isset($email) && isset($confpassword)){
if($password != '' && $email != '' && $confpassword != ''){
    if($password == $confpassword){
        if(strlen($password) <= 20 && strlen($password) >= 6){
            if(strlen($email) > 6){
                $hash = password_hash($password, PASSWORD_DEFAULT);             
                $insert_user = mysqli_query($con, "INSERT INTO users (email, password, salt) VALUES ('".$email."', '".$password."', '".$salt."')");
                    if($insert_user)
                    {
                    echo "Thank you for registering, you can now login to your account and create a listing.";
                    }
                    else
                    {
                    echo "Sorry there was an error - please try again later. If the issue continues please contact support.";
                    }
                }
                else
                {
                echo "You need to insert an email.";
                }
            }
            else
            {
            echo "The entered email address needs to be above 6 characters.";
            }
        }
        else
        {
        echo "The password must be between 6 and 20 characters long.";
        }
    }
    else
    {
    echo "The two passwords you have entered do not match.";
    }
}
else
{
echo "You have not inserted all of the required fields that were needed.";
}

It just skips to the end saying "You have not inserted all of the required fields that were needed." and doesn't even try to query the database.

Database.php just has the connection to database information (Table, password etc.)

Thank you!

Improve this question

3 Answers 3

Reset to default
1

I would try to manually assign the values to the PHP variables ($email, $password, $confpassword).

    if(isset($_POST['register'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$confpassword = $_POST['confpassword'];
}

//Test variables
$email = '[email protected]';
$password = 'testpassword';
$confpassword = 'testpassword';

if(isset($password) && isset($email) && isset($confpassword)){
if($password != '' && $email != '' && $confpassword != ''){

Once you submit the form, if that works fine you know the problem is with your $_POST data getting assigned to the PHP variables. If that does not work you know there is an issue with your logic and how it handles the variables. That will at least narrow down where you need to look.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Okay, the problem is with the $_POST data getting assigned to PHP variables. Thanks for that - how do I narrow down the problem further?
0

By the way, I did a copy of your code, and called it using :

<form action="test.php" method="post">
    <input type="text" name="email" />
    <input type="text" name="password" />
    <input type="text" name="confpassword" />
    <input type="submit" name="register" />
</form>

It works perfectly. I think your mistake is in your HTML form.

Improve this answer

1 Comment

Turns out it was the HTML - In my form I had " Value="register" " on my button instead of " Placeholder="register" " ... Rookie mistake. Thanks guys!
0

In order to understand what's happening, you should use the "var_dump($variable)" function at the beggining of your code. It's a debug function that displays the content of a variable (usefull for arrays).

1) If only one of the fields is empty, the name of this field has a problem somewhere.

2) If all the fields are empty, your form or your submit button have a problem.

Just a tip : Instead of using "isset" and then check if your fields are filled, you could use "!empty($variable)", it does exactely the same, in one function call ;)

Lemur

Improve this answer

1 Comment

None of the fields are empty, I have filled them all in correctly and I don't understand where I've gone wrong. I'll add var_dump($variable) - thanks! Edit: If I leave both password fields blank, I get "The passwords you have entered do not match"

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.