0

I have a 'registration' page in PHP and I would like the script to run when an HTML button is clicked.

The PHP basically checks if all fields are filled, checks if the password and email confirmations are the same and saves to the database.

This is the code:

<?php
$Name = isset($_POST['Name']);
$Surname = isset($_POST['Surname']);

$Username = isset($_POST['Username']);

$Email = isset($_POST['Email']);
$C_Email = isset($_POST['C_Email']);

$Password = isset($_POST['password']);
$C_Password = isset($_POST['c_password']);

$SecQ = isset($_POST['SecQ']);
$SecA = isset($_POST['SecA']);


$con = mysql_connect('localhost', 'admin', 'storefile1234');
mysql_select_db ("storefile");

$check_username = mysql_query("SELECT FROM users WHERE username = '$Username'");
$check_email = mysql_query("SELECT FROM users WHERE Email = '$Email'");


if (!$con)
        {
        die('Could not connect: ' . mysql_error());
        }

if ($Name == null || $Surname== null || $Username == null || $Password == null || $C_Password == null || $Email == null || $C_Email == null || $SecQ == null || $SecA == null ) {

    echo "Missing details. Please enter all fields.";


} else {

    if(mysql_num_rows($check_username) != 0 && mysql_num_rows($check_email) != 0)
            {
            echo "Username/Email already exists";
            }
            if  ($Email == $C_Email && $Password == $C_Password) {

                $query = "INSERT INTO users (Username, Name,Surname, Password, Email, SecQ, SecA) VALUES ('NULL', ".$Username."', ".$Name."', ".$Surname."', ".$Password."', ".$SecQ."', ".$SecA."', ".$Email.')"';

                mysql_query($query) or die ('Error registering.');

                echo "Greetings, ".$Name.", you have been registered. ";

    }  else {

        echo "Error registering your account. Please try again.";
            }

 }


?>

Also, is it recommended?

Whenever I run this page Missing details. Please enter all fields. displays, without having entered any details.

How do you do this?

Improve this question
1
  • 3
    offtopic: dont use mysql_* functions. Beter look on PDO with prepared statesments. Commented Dec 5, 2012 at 15:55

3 Answers 3

Reset to default
2

You tying to get values by isset($_POST['Username']); and like this functions...
But documentation says: Returns TRUE if var exists and has value other than NULL, FALSE otherwise.

So check on true, nut null. And escape your POST data after.

You can do like this:

$Name = isset($_POST['Name']) ? mysql_real_escape_string($_POST['Name']) : null;


P.S. Please again. Do not use mysql_* function. They are DEPRECATED.
Look on PDO (or mysqli_*)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

The check would not solve his problem because he is reusing the variables he assigns the return of isset to in his sql statement.
@Stranger So basically I need to fix the isset() functions and it will work on button click?
@Brian Yes. You can just check if they exist or not (true|false), but you dont get value of them. Benjamin answer isnt good enough, but solevs problem.
0

For the issue of printing that message when you first load the page, use the array_key_exists function to test if the user has already submited something before checking if any field is null. Something like this:

if (array_key_exists('Name', $_POST) || array_key_exists('Surname', $_POST) || ... ) 
    if ($Name == null || $Surname== null || ... ) 
        echo "Missing details. Please enter all fields.";

Observation: you cannot use the isset function for the same purpose since, according to php documentation, it "determine if a variable is set and is not NULL"

Improve this answer

1 Comment

that seemed to work, however, XAMPP is somehow forbidding me from accessing the DB, givinig me this error Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. Error 403 The host, username and pass are correct for thr DB.
0

You misuse isset

Try something like this:

$Name = null;
if (isset($_POST['Name'])) {
    $Name = $_POST['Name'];
}

isset is only to check if a value is set.

Improve this answer

2 Comments

So you need to use that function for each variable ?
And dont forget to ESCAPE post data!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.