1

I am working on this registration system where I have a captcha control at the end. I have error reporting included, no error appears. Output page says capcha successfull. While I can see in DB no data being inserted..

Form:

<h2>Registration Form</h2>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />

PHP: 

include 'db_connect.php';


 if (isset($_POST['submit'])) {

$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];

if ($username=='')
{
echo 'Please choose an username for yourself.';
exit();
}
    if ($password1=='')
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
    if ($password2=='')
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
    if ($name=='')
{
echo 'Please enter your first and the last name.';
exit();
}
    if ($phone=='')
{
echo 'Please enter your house phone or mobile number.';
exit();
}
    if ($email=='')
{
echo 'Please enter your email address.';
exit();
}

//duplicate Entry Validation
$check_email = "SELECT * FROM users WHERE email='$email'";

$run = mysql_query($check_email);

if(mysql_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}

//Data Insertion
$query = "insert into users (username,password,name,phone,email) value ('$username','$password1','$name','$phone','$email')";

if(mysql_query($query)) {

echo "Registration Successfull";

}

} 


 //Captcha Validation
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {
 echo  '<strong>Incorrect Captcha Code Entered.</strong>';
} else {     
 echo  '<strong>Captcha Verification successful.</strong>';
};
?>
Improve this question
5
  • value? or values? is that a typo? Commented May 6, 2014 at 6:39
  • Why do you have the captcha check after the insert? Check the mysql error. Also, insert should be VALUES. Commented May 6, 2014 at 6:40
  • You should look into fixing the SQL Injection vulnerabilities in your code, and stop using PHPs mysql_* functions which are deprecated and will be removed at some point in the future. Instead use either PDO or mysqli Commented May 6, 2014 at 6:42
  • Are you learning to work with PHP by tutorial or educational courses ? I'm asking it because using mysql() functions is deprecated. Use PDO instead. If it's by tutorial, please check for a recent example one, like this one. If it's by educational courses, could you inform the teacher that mysql() functions is deprecated and could be removed in the future? Commented May 6, 2014 at 6:43
  • Thanks for the help.. I am just working on my own website and have not done any course just online help. Someone told me earlier about mysqli but wasn't sure about how to use. If letter 'i' is the whole difference then I can do it that way.. Commented May 6, 2014 at 6:49

1 Answer 1

Reset to default
1

MySQL is deprecated already, you should use MySQLi instead. Try this:

PHP: 

<?php

/* ESTABLISH CONNECTION */

session_start();

$con=mysqli_connect("YouHost","YouUsername","YourPassword","YourDatabase");

if(mysqli_connect_errno()){

echo "Error".mysqli_connect_error();
}

if (isset($_POST['register'])) { /* THIS SHOULD BE register, BECAUSE YOU NAMED YOUR SUBMIT BUTTON register, NOT submit */

$username = mysqli_real_escape_string($con,$_POST['username']);
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password2 = mysqli_real_escape_string($con,$_POST['password2']);
$name = mysqli_real_escape_string($con,$_POST['name']);
$phone = mysqli_real_escape_string($con,$_POST['phone']);
$email = mysqli_real_escape_string($con,$_POST['email']);

/* YOU SHOULD PRACTICE USING ESCAPE_STRING TO PREVENT SOME OF SQL INJECTIONS */

if (empty($username))
{
echo 'Please choose a username for yourself.';
exit();
}
    if (empty($password1))
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
    if (empty($password2))
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
    if (empty($name))
{
echo 'Please enter your first and the last name.';
exit();
}
    if (empty($phone))
{
echo 'Please enter your house phone or mobile number.';
exit();
}
    if (empty($email))
{
echo 'Please enter your email address.';
exit();
}

/* duplicate Entry Validation */
$check_email = "SELECT * FROM users WHERE email='$email'";

$run = mysqli_query($con,$check_email);

if(mysqli_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}

/* Data Insertion. YOU SHOULD ALSO CONSIDER IF THE PASSWORD 1 AND 2 ARE THE SAME */

if($password1==$password2 && !empty($username) && !empty($name) && !empty($phone) && !empty($email)){ /* IF PASSWORD1 IS THE SAME WITH PASSWORD2 */

/* INSERT QUERY */    
$query = mysqli_query($con,"INSERT INTO users (username,password,name,phone,email) VALUES ('$username','$password1','$name','$phone','$email')");

echo "Registration Successfull";

} /* END OF IF PASSWORD1 IS EQUALS TO PASSWORD2 */

else { 
echo "Alert('Password is not the same.')";
exit();
}

/* Captcha Validation */
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {
echo  '<strong>Incorrect Captcha Code Entered.</strong>';
} else {     
echo  '<strong>Captcha Verification successful.</strong>';
};

} /* END OF ISSET SUBMIT */

?>

Your HTML file:

<html>
<body>

<h2>Registration Form</h2>
<form action='YourPHPFile' method='POST'>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
</form>

</body>
</html>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

All that work you did and you chose MySQLi, which is broken at best, instead of PDO? ^^
Thank you very much that code just worked fine and data was inserted. But even after everything going well I still got error "Registration SuccessfullIncorrect Captcha Code Entered." I dont understand why because data was inserted..
@Sebastian - you should just check thoroughly your $_SESSION['vercode'] content. It's either empty or the input is not the same with the $_SESSION['vercode']
Thanks agin, yes that was the problem. $_SESSION was missing beacuse I pasted th code as you wrote.. Thanks alot
If my answer helped you from your problem, don't forget to tick the check beside my answer or you can up-vote it.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.