-1

I'm creating a registration and login page using PHP. I've written code the registration page but due to some reasons, the data that I have tried to insert in the registration page is not being added to the database. It does not show any errors and also does not redirect to the other page.

I've consulted many videos and codes related to this project but none of them have worked. 

<?php

session_start();

$username = "";
$email    = "";
$errors   = [];

$db = mysqli_connect('localhost', 'root', '', 'joblister');

if (isset($_POST['submit'])) {


    $username   = mysqli_real_escape_string($db, $_POST['username']);
    $email      = mysqli_real_escape_string($db, $_POST['email']);
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($email)) {
        array_push($errors, "Email is required");
    }
    if (empty($password_1)) {
        array_push($errors, "Password is required");
    }
    if ($password_1 != $password_2) {
        array_push($errors, "The two passwords do not match");
    }

    // a user does not already exist with the same username and/or email
    $jobseeker_check_query = "SELECT * FROM jobseeker WHERE username='$username' OR email='$email' LIMIT 1";
    $result                = mysqli_query($db, $jobseeker_check_query);
    $jobseeker             = mysqli_fetch_assoc($result);

    if ($jobseeker) { // if user exists
        if ($jobseeker['username'] === $username) {
            array_push($errors, "Username already exists");
        }

        if ($jobseeker['email'] === $email) {
            array_push($errors, "email already exists");
        }
    }

    // Finally, register user if there are no errors in the form
    if (count($errors) == 0) {
        $password = md5($password_1);

        $query = "INSERT INTO jobseeker (firstname, lastname, gender, email, username password, address, contact,dob)
              VALUES('$firstname','$lastname','$gender','$email','username','$password', '$address','$contact','dob')";
        mysqli_query($db, $query);
        $_SESSION['username'] = $username;
        $_SESSION['success']  = "You are now logged in";
        header('location: FirstPage.php');
    }
}

There is no error message displayed. The only problem is that the data are not added to the database.

Michał Haracewiat
  • 480
  • 1
  • 3
  • 8
Aayush Niraula
  • 1
  • 1
  • 5
  • 5
    you're open to SQL injection and should address immediately – treyBake Jul 03 '19 at 08:11
  • 3
    `$password = md5($password_1);` This is not a safe way to store password. Consider using [`password_hash()`](https://www.php.net/manual/en/function.password-hash.php) – Cid Jul 03 '19 at 08:14
  • 1
    [mysqli_real_escape_string](https://www.php.net/manual/en/mysqli.real-escape-string.php) for your injection problem. [mysqli_error](https://www.php.net/manual/de/mysqli.error.php) to get a bit more information. – Kryptur Jul 03 '19 at 08:17
  • 1
    `email, username password, address` missing a comma in there. Enable proper error-reporting and you'll see it! – Qirel Jul 03 '19 at 08:18
  • 1
    Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` at the top of your code, and you will see all the MySQL errors as PHP exceptions. – Qirel Jul 03 '19 at 08:18
  • 1
    include this at the top of your code, `ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` and outline your `header('location: FirstPage.php')` – xmaster Jul 03 '19 at 08:18
  • 1
    Where are `$firstname`, `$lastname`, `$gender`, `$address` and `$contact` variables defined? Perhaps you want to define them like `$username = mysqli_real_escape_string($db, $_POST['username'])`? – Michał Haracewiat Jul 03 '19 at 08:19
  • Related : [how to display errors for my mysqli query](https://stackoverflow.com/questions/17053466/how-to-display-errors-for-my-mysqli-query) – Cid Jul 03 '19 at 08:22

1 Answers1

1
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
  $password = md5($password_1);

  $query = "INSERT INTO jobseeker (firstname, lastname, gender, email, **username password**, address, contact,dob)
    VALUES('$firstname','$lastname','$gender','$email','username','$password', '$address','$contact','dob')";

    // ... rest of the code
}

I believe you need to put a comma between username and password.

rpm192
  • 2,564
  • 2
  • 15
  • 32
Koffing
  • 34
  • 3