2

I have the following registration php script. I want to get back a json response as {"result":"success","message":"123"}

where 123 is the id of the registered user. I want this id so at a later point the user can post data to other tables.

However I get this.

{"result":"fail","message":null}

This is my script.

<?php
  session_start();
  require "init.php";
  header('Content-type: application/json');
  $id = $_POST['id'];
  $email = $_POST['email'];
  $user_name = $_POST['user_name'];

  $user_pass = $_POST['user_pass'];
  $passwordEncrypted = sha1($user_pass);  

  $confirmPass = $_POST['confirm_pass'];
  $confPasswordEncrypted = sha1($confirmPass);  

  $msg = "Congratulations. You are now registered to the most amazing app   
  ever!";            

        if(!filter_var($email, FILTER_VALIDATE_EMAIL)){

            $don = array('result' =>"fail","message"=>"Please enter a valid email");

        }    

if($email && $user_name && $user_pass && $confirmPass && filter_var($email, FILTER_VALIDATE_EMAIL)){


    $sql_query = "select * from user_info WHERE email  ='".mysqli_real_escape_string($con, $email)."' or user_name 
    ='".mysqli_real_escape_string($con, $user_name)."'";

    $result = mysqli_query($con, $sql_query);   

    $results = mysqli_num_rows($result);

    if ($results){
        $don = array('result' =>"fail","message"=>"Email or username exists.");

    }else{
        //This is where I am trying to get the id
        while($row = mysqli_fetch_array($result)) {             
            $posts['id'] = $row['id'];


        }   

        $sql_query = "insert into user_info values('$id','$email','$user_name','$passwordEncrypted','$confPasswordEncrypted');";

        if(mysqli_query($con,$sql_query)){
            $_SESSION['id'] = mysqli_insert_id($con);
            //And this is the json response I was talking about
            $don = array('result' =>"success","message"=>$posts['id']);
            mail($email,"Well done. You are registered to my sample app!",$msg);

        }
    }
}else if(!$email){


        $don = array('result' =>"fail","message"=>"Please enter a valid email");               


    }else if(!$user_name){

        $don = array('result' =>"fail","message"=>"Please enter your username");

    }else if(!$user_pass){

        $don = array('result' =>"fail","message"=>"Please enter a password");

    }else if(!confirmPass){

        $don = array('result' =>"fail","message"=>"Please confirm your    
        password");

    }     

  echo json_encode($don);

 ?>
Improve this question
1
  • Could the downvoter please care to comment. Commented Jul 15, 2016 at 13:35

3 Answers 3

Reset to default
5

Change

$don = array('result' =>"success","message"=>$posts['id']);

to

$don = array('result' =>"success","message"=>$_SESSION['id']);

$posts['id'] is always null as the row is not inserted to the database. Remove that code.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Change

$don = array('result' =>"success","message"=>$posts['id']);

To:

$don = array('result' =>"success","message"=>mysqli_insert_id($con));

The problem is that you're referring to $posts['id'] which is always null You try to set it here:

$results = mysqli_num_rows($result);
if ($results){
    $don = array('result' =>"fail","message"=>"Email or username exists.");

}else{
    while($row = mysqli_fetch_array($result)) {
        $posts['id'] = $row['id'];
    }
...

Notice that we only reach the while if $result does not contain any row. Therefore, mysqli_fetch_array($result) is false and this loop never executes. In fact this loop is useless in this script and should be removed.

This goes beyond the scope of your question, but you should think about the following:

  1. What's the point of $confirmPass? You never check whether password and confirm pass match.
  2. Given that the two should be the same, why are you storing both password and confirm pass?
  3. You should never use user-supplied values in SQL queries without escaping them, or even better, without using prepared statements. Your SELECT query at least escapes values, but your INSERT query does not. That leaves you open to SQL injection attacks.
  4. sha1($user_pass) is not a good way to hash a pwd for storage. Use PHP's password_hash and password_verify functions instead. See the guide
Improve this answer

Comments

-1

You don't need the following lines, so remove them, as you are using them before the select query.

//This is where I am trying to get the id
while($row = mysqli_fetch_array($result)) {             
   $posts['id'] = $row['id'];

}

You can replace 

 $don = array('result' =>"success","message" => $posts['id']);

with 

$don = array('result' =>"success","message"=> mysqli_insert_id($con));

No need of session as well.

Improve this answer

1 Comment

If you will check his code, he is fetching rows before select query. The code is of no use.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.