0

This may be the most simplest errors ever but I've written a registration script.. which I would say looks okay.. only issue is that it won't insert data... it still prints a message saying registration successful but no data actually goes into the database... see code below:

<?php

include("dbconfig.php");

if(isset($_POST['register'])){

if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){

    header("location:index-login-page.php?msg0=Please complete the required fields.");


}

else {

    $fname = $_POST['first-name'];
    $lname = $_POST['last-name'];
    $email = $_POST['email-address'];
    $username = $_POST['reg-username'];
    $pass = $_POST['reg-pass'];

    $checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
    $checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
    $resultusername = mysql_num_rows($checkusername);
    $resultemail  = mysql_num_rows($checkemail);

    if( (($resultusername) ==1) or ($resultemail)==1){
        header("location:index-login-page.php?msg1= Username or email address already exists.");

    }

    elseif( (($resultusername) == 0) && ($resultemail) ==0) {

        $insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
            header("location:index-login-page.php?msg1= Registration successful, please login.");

    }

}

}

?>

Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.

Sohail.

Sohail Arif
  • 86
  • 1
  • 9

1 Answers1

2
$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");

Should be:

$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");

I have to warn you though: this is considered bad practice, you need to sanitize your database input

JorisK
  • 86
  • 5
  • I shall try that now, but what do you mean by 'sanitize'? – Sohail Arif Nov 03 '15 at 09:44
  • Please read: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php/1669109#1669109 – JorisK Nov 03 '15 at 09:46
  • Thank you sir, I have had a look at that and I can assure you that I will consider that for future development. Right now, I am only revising my memory, as its been 7 months since I've done any coding. Thanks. – Sohail Arif Nov 03 '15 at 09:48