current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I have a 'registration' page in PHP and I would like the script to run when an HTML button is clicked.

The PHP basically checks if all fields are filled, checks if the password and email confirmations are the same and saves to the database.

This is the code:

<?php
$Name = isset($_POST['Name']);
$Surname = isset($_POST['Surname']);

$Username = isset($_POST['Username']);

$Email = isset($_POST['Email']);
$C_Email = isset($_POST['C_Email']);

$Password = isset($_POST['password']);
$C_Password = isset($_POST['c_password']);

$SecQ = isset($_POST['SecQ']);
$SecA = isset($_POST['SecA']);


$con = mysql_connect('localhost', 'admin', 'storefile1234');
mysql_select_db ("storefile");

$check_username = mysql_query("SELECT FROM users WHERE username = '$Username'");
$check_email = mysql_query("SELECT FROM users WHERE Email = '$Email'");


if (!$con)
        {
        die('Could not connect: ' . mysql_error());
        }

if ($Name == null || $Surname== null || $Username == null || $Password == null || $C_Password == null || $Email == null || $C_Email == null || $SecQ == null || $SecA == null ) {

    echo "Missing details. Please enter all fields.";


} else {

    if(mysql_num_rows($check_username) != 0 && mysql_num_rows($check_email) != 0)
            {
            echo "Username/Email already exists";
            }
            if  ($Email == $C_Email && $Password == $C_Password) {

                $query = "INSERT INTO users (Username, Name,Surname, Password, Email, SecQ, SecA) VALUES ('NULL', ".$Username."', ".$Name."', ".$Surname."', ".$Password."', ".$SecQ."', ".$SecA."', ".$Email.')"';

                mysql_query($query) or die ('Error registering.');

                echo "Greetings, ".$Name.", you have been registered. ";

    }  else {

        echo "Error registering your account. Please try again.";
            }

 }


?>

Also, is it recommended?

Whenever I run this page Missing details. Please enter all fields. displays, without having entered any details.

How do you do this?

share|improve this question
3  
offtopic: dont use mysql_* functions. Beter look on PDO with prepared statesments. –  Stranger Dec 5 '12 at 15:55

3 Answers 3

up vote 0 down vote accepted

For the issue of printing that message when you first load the page, use the array_key_exists function to test if the user has already submited something before checking if any field is null. Something like this:

if (array_key_exists('Name', $_POST) || array_key_exists('Surname', $_POST) || ... ) 
    if ($Name == null || $Surname== null || ... ) 
        echo "Missing details. Please enter all fields.";

Observation: you cannot use the isset function for the same purpose since, according to php documentation, it "determine if a variable is set and is not NULL"

share|improve this answer
    
that seemed to work, however, XAMPP is somehow forbidding me from accessing the DB, givinig me this error Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. Error 403 The host, username and pass are correct for thr DB. –  Brian Dec 5 '12 at 17:32
up vote 2 down vote

You tying to get values by isset($_POST['Username']); and like this functions...
But documentation says: Returns TRUE if var exists and has value other than NULL, FALSE otherwise.

So check on true, nut null. And escape your POST data after.

You can do like this:

$Name = isset($_POST['Name']) ? mysql_real_escape_string($_POST['Name']) : null;


P.S. Please again. Do not use mysql_* function. They are DEPRECATED.
Look on PDO (or mysqli_*)

share|improve this answer
    
The check would not solve his problem because he is reusing the variables he assigns the return of isset to in his sql statement. –  Benjamin Paap Dec 5 '12 at 16:00
    
@Stranger So basically I need to fix the isset() functions and it will work on button click? –  Brian Dec 5 '12 at 16:00
    
@Brian Yes. You can just check if they exist or not (true|false), but you dont get value of them. Benjamin answer isnt good enough, but solevs problem. –  Stranger Dec 5 '12 at 16:03
up vote 0 down vote

You misuse isset

Try something like this:

$Name = null;
if (isset($_POST['Name'])) {
    $Name = $_POST['Name'];
}

isset is only to check if a value is set.

share|improve this answer
    
So you need to use that function for each variable ? –  Brian Dec 5 '12 at 15:59
    
@Brian correct. –  Stranger Dec 5 '12 at 16:03
    
And dont forget to ESCAPE post data! –  Stranger Dec 5 '12 at 16:04

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.