0

I am learning php (please be gentle with me - I am a front-end dev trying to learn the dark art of PHP) I know this script fails to have the correct measures in for security etc etc but I am using as a base to get me going. I fail to spot any errors in my script but for some reason when I hit register the page refreshes blank with no errors and show nothing in the DB to suggest it has been inserted successfully?

Real wanting somebody to cast an eye over this and see whats going wrong.

<?php

$page_title = 'Register';
include ('includes/header.html');

if ($_SERVER ['REQUEST_METHOD'] == 'POST')
{
require ('../connect_db.php');
$errors = array();

// Takes value provided in first name input field
if(empty($_POST['first_name']))
{ $errors[] = 'Enter your first name here'; }
else
{ $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); }

// Takes value provided in last name input field
if(empty($_POST['last_name']))
{ $errors[] = 'Enter your last name here'; }
else
{ $fn = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); }

// Takes value provided in email input field
if(empty($_POST['email']))
{ $errors[] = 'Enter your email address'; }
else
{ $ln = mysqli_real_escape_string($dbc, trim($_POST['email'])); }

// Takes value provided in passwor input field & then checks if they match
if(empty($_POST['pass1']))
{ 
    if($_POST[ 'pass1' ] != $_POST[ 'pass2' ])
    { $errors[] = 'Passwords do not match.'; }
    else
    { $p = mysqli_real_escape_string($dbc, trim( $_POST['pass1'])); }
}
else{ $errors[] = 'Enter your password.'; }

//This then checks to see if the email is already registered
if($empty( $errors ))
{
    $q = "SELECT user_id FROM users WHERE email='$e'";
    $r = mysqli_query ($dbc, $q);
    if(mysqli_num_rows($r) !=0 )
    { $errors[] = 'Email address already registered. <a href="login.php">Login</a>'; }
}

//The information will then be stored into the database when successful
if($empty( $errors ))
{
    $q = "INSERT INTO users (first_name, last_name, email, pass, reg_date) VALUES ('$fn,'$in','$e', SHA1('$p'), NOW() )";
    $r = mysqli_query ($dbc, $q);

    if( $r )
    {
        echo '<h1>Registered!</h1>
              <p>You are now registered.</hp
              <p><a href="login.php">Login</a></p>';
    }

    mysqli_close( $dbc );
    include ('includes/footer.html');
    exit();


}

    //Appended statement to show any errors that may occur
    else
    {
        echo '<h1>Error!</h1>
              <p id="err_msg">The following error(s) occured:<br>';
              foreach ( $errors as $msg )
              {
                echo "- $msg<br>";
              }
              echo 'Please try again</p>';
              mysqli_close( $dbc );
    }

}


?>

<!-- Form begins here -->


<h1>Register</h1>

<form action="register.php" method="POST">

<p>
    First name: <input type="text" name="first_name" value="<?php echo $_POST[ 'first_name' ]; ?>"><br><br>
    Last name: <input type="text" name="last_name" value="<?php echo $_POST[ 'last_name' ]; ?>"><br><br>
    Email Address: <input type="text" name="email" value="<?php echo $_POST[ 'email' ]; ?>"><br><br>
    Password: <input type="text" name="pass1" value="<?php echo $_POST[ 'pass1' ]; ?>"><br><br>
    Confirm Password: <input type="pass2" name="password" value="<?php echo $_POST[ 'pass2' ]; ?>"><br><br>
</p>

<input type="submit" value="Register"></p>

</form>

My connect file is sat in the root and I know it has a valid connection. (I hope that isn't the issue anyway)

st4cker
  • 65
  • 1
  • 8
  • 3
    Enable `error_reporting(E_ALL);`. You should have gotten warnings for `$empty()`. Also add some print_r statements in between to further see when it went wrong. – mario Jan 01 '15 at 18:21
  • 2
    `$empty` should just be `empty` – Barmar Jan 01 '15 at 18:23

3 Answers3

1
$r = mysqli_query ($dbc, $q) or die(mysqli_error($db));

"or die(mysqli_error($db))."

is your friend (more so "or" don't let the 'die' part scare you. It just means stop processing now - spit-out error messages. If you are learning php, you should get comfortable with this this when and how to use it. When you are dev/deb spit out ugly message ok, when in production use something other than 'or die'.

How to display errors for my mysqli query

Community
  • 1
  • 1
terary
  • 750
  • 10
  • 27
  • Hmm really struggling with error checking - I cant seem to fire out an error from my script - I thought the validation would spit out but not appearing to be the case – st4cker Jan 01 '15 at 18:41
  • 1
    The odd thing is, when I hit submit the page goes blank, if I refresh the page it asks if I wish to resubmit the form data - looks to me tis doing some weird redirect rather than failing? – st4cker Jan 01 '15 at 18:44
  • 3
    I never use the 'exit()' that you are doing. Also, trying using 'echo message' instead of error[] = ''; As you learn this stuff you'll get better and make things prettier. Don't be ascared to write horirrble crude code, make that code work then plug it into your pretty code. – terary Jan 01 '15 at 18:48
1

Double check your calling page's form HTML. Is the method set to something other that Post? If you aren't seeing anything, checking the first if statement is a good start. You can do a 

die(print_r($_POST, true));

To do a quick check. If there is anything there, you are okay, if it's empty, check the HTML in the <form> tags for the "method" attribute.

Hans
  • 2,945
  • 3
  • 22
  • 30
0

if($empty( $errors )) at lines 40 and 49 of your example : remove the $ before empty, it is a function name, not a variable name.

Also add error_reporting(E_ALL); at the beginning of your script to try to display PHP error/warning messages. They are sometimes disabled by web hosting providers.

sodawillow
  • 10,435
  • 3
  • 31
  • 41