HTML/PHP Form Problems

Question

I'm relatively new to web coding, but I know quite a bit, I was making a registration form earlier, which also checks if the fields are empty. It comes up OK, but nothing seems to work, when the fields are empty, the message doesn't come up, and when the fields are fine, it just loads but doesn't actually insert it into the database. Also, once I press the submit button, the form just disappears as well. Any help would be much appreciated.

<form method="post">
<?php
if(isset($_POST['submit'])){
    $username=$_POST['username'];
    $password=$_POST['password'];
    $password=md5(hash("sha512",$password));
    if(empty($username) or empty($password)){
        $message="Please enter information into the fields.";
    } else {
        mysql_query("INSERT INTO `users` VALUES('',$username,$password)");
        $message="Register successful!";
    }
    echo "<div id='box>$message</div>";
}
?>
Username: <input type="text" name="username" /><br>
Password: <input type="password" name="password" /><br>
<input type="submit" name="submit" value="Sign Up">
</form>

Answer 1

It looks like you are not printing out mysql errors, you just need to add or die(mysql_error()); at the end of the query as in my example i did. Anyway you should surround your strings with quotes . The page came out blank when you press because if condition is met. So change as follow

mysql_query("INSERT INTO `users` VALUES('','$username','$password')") or die(mysql_error());

As side note i would stop using mysql_ function since they are derecated and use instead either PDO or mysqli with prepared statements to avoid any risk of mysql injections since your code is highly vulnerable. LEARN MORE HERE

As CodeBird correctly stated

md5 of an empty string will return a 32 chars string, so the password you are testing will never be empty

Answer 2

Change the query statement to

mysql_query("INSERT INTO `users` VALUES('','$username','$password')");

Start using mysqli_* functions instead of mysql_* as the latter are deprecated

Answer 3

check this out "(`id`, `username`, `password`)" example column name use what you have made it.
<?php
if(isset($_POST['submit']))
{
    $username=$_POST['username'];
    $password=$_POST['password'];
    enter code here
    if(empty($username) || empty($password)){
        $message="Please enter information into the fields.";
    } else {
        $password=md5(hash("sha512",$password));
        mysql_query("INSERT INTO `users` (`id`, `username`, `password`) VALUES('','$username','$password');");
        $message="Register successful!";
    }
    echo "<div id='box'>".$message."</div>";
}
?>
<form method="post" action="">
    <input type="text" name="username" /><br>
    <input type="password" name="password" /><br>
    <input type="submit" name="submit" value="Sign Up">
</form>

Answer 4

Your insert query is wrong, use:

INSERT INTO tablename (col1, col2) VALUES('data1', 'data2' )

Or you can use

INSERT INTO tablename SET col1 = "data1", col2 = "data2"

Answer 5

You are having an issue because you are misusing empty()

A variable is considered empty if it does not exist or if its value equals FALSE

Also you should use double-pipes || for or in your if()

This:

if(empty($username) or empty($password)){

Should be:

if($username === '' || $password === ''){