PHP/SQL - Blank page for registered users for a simple registration page

Question

I have an assignment where I have to make a registration page in php.... I just want to keep things simple so making the form work is all I'm aiming for. I am aware of the vulnerability of sql injections/plaintext, but that's the last of my worries for now since it's a class assignment.

The script below works as far as inserting new users/passwords, but if there's an existing user, the page is blank and doesn't give a warning. I'm looking for help in giving the error "Sorry, this user already exists" shown on the screen (or something).

Thanks :D.

<?php

define('DB_HOST', 'localhost');
define('DB_NAME', '////////');
define('DB_USER','/////////');
define('DB_PASSWORD','///////////');

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());

function NewUser() { $userName = $_POST['user']; $password = $_POST['pass']; $query = "INSERT INTO UserName (userName,pass) VALUES ('$userName','$password')"; $data = mysql_query ($query)or die(mysql_error()); if($data) { echo "YOUR REGISTRATION IS COMPLETED..."; } } function SignUp() { if(!empty($_POST['user']))  { 

$query = mysql_query("SELECT * FROM UserName WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error()); 

if(!$row = mysql_fetch_array($query))) 
{ newuser(); } 
else { echo "SORRY...YOU ARE ALREADY REGISTERED USER..."; } } } if(isset($_POST['submit'])) { SignUp(); } ?>

Answer 1

First, Its really important check your php_error_log or Add error reporting into the TOP of your file.

<?php 
   error_reporting(E_ALL);
   ini_set('display_errors', 1);

There is an extra closing parenthesis and you are calling an undefined function.
Assuming these are the errors, fix then with:

if(!$row = mysql_fetch_array($query)) { 
    NewUser();
} 
else {
     echo "SORRY...YOU ARE ALREADY REGISTERED USER..."; 
}

• Also, consider using mysqli with prepared statements , or PDO with prepared statements , they're much safer .

Hope it helps you.

Answer 2

1. Thanks to @bcesars for the extra parenthesis fix. I thought there was something odd with the count.

2. After, I came up with a problem where the "This user already exists" error pops up ONLY if the user and pass matches the same one in the database. If I use a different password, the info is still inserted into the database.

Solution: Remove

 AND pass = '$_POST[pass]'

from

$query = mysql_query("SELECT * FROM UserName WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error()); 

So far it works. I'm still new into this whole database/php thing so thanks for bearing with me ♥