我的PHP注册代码有问题

Question

I've been trying to create a register page using php and html and once I was finally done and wanted to check if it works, it just reloaded the page and when I checked the database nothing new was in there. Here are the codes, in register.php,

?php

require_once('connect.php');

$errors = array();

if (isset($_GET['submit'])) {

if (empty($_POST['username'])) { array_push($errors, 'Choose a username.'); }
if (empty($_POST['email'])) { array_push($errors, 'Choose an email.'); }
if (empty($_POST['password'])) { array_push($errors, 'Choose a password.'); }

$old_usn = mysql_query("SELECT id FROM users WHERE name = '".$_POST['username']."' LIMIT 1;") or die(mysql_error());
if (mysql_num_rows($old_usn) > 0) { array_push($errors, 'This username is already taken.'); }

$old_email = mysql_query("SELECT id FROM users WHERE email = '".$_POST['email']."' LIMIT 1;") or die(mysql_error());
if (mysql_num_rows($old_email) > 0) { array_push($errors, 'There is an existing account with this email.'); }

if ($_POST['password1'] != $_POST['password2']) { array_push($errors, 'The password does not match'); }

if (sizeof($errors) == 0) {

//htmlentities($_POST['username'], ENT_QUOTES);
    $username = htmlentities($_POST['username'], ENT_QUOTES);
    $email = htmlentities($_POST['email'], ENT_QUOTES);
    $password1 = htmlentities(sha1($_POST['password1']), ENT_QUOTES);

    mysql_query("INSERT into users (name, hashed_psw, email, joined)
    VALUES ('{$username}', '{$password}', '{$email}', NOW());") or die(mysql_error());

    }

}



?>

and below that:

 <div class="container v-align-transform">
                <div class="row">
                    <div class="col-sm-6 col-sm-offset-3">
                        <div class="feature bordered text-center">
                            <h4 class="uppercase">Register Here</h4>
                            <?php

                            foreach($errors as $e) {

                                echo $e;
                                echo "<br />\n";

                                }
                            ?>
                            <form class="text-left" action="register.php" method="post">
                                <input type="text" name="username" value="" placeholder="Username" />
                                <input type="text" name="email" value="" placeholder="Email Address" />
                                <input type="password" name="password1" value="" placeholder="Password" />
                                <input type="password" name="password2" value="" placeholder="Confirm Password" />
                                <input type="submit" name="submit" value="Register" />
                            </form>
                            <p class="mb0">By signing up, you agree to our
                                <a href="/">Terms Of Use</a>
                            </p>
                        </div>
                    </div>
                </div>
            </div>

I've tried finding what's wrong but couldn't find anything.

Answer 1

There's a few things wrong with this that you should consider buttoning up.

1. Don't use mysql_* functions. Use PDO , or at the very least, mysqli_* functions.
2. Sanitize your SQL data. Or else.
3. No need to use array_push (you can use it if you want to), you can use the shorthand version: $errors[] = "New Error"
4. Don't use sha1/md5/etc hashes for passwords. Use salted hashes instead.
5. Your form method is POST , but you're checking for $_GET ... Switch that to $_POST (including your posted variables)