Registration PHP Code error

Question

I am facing an error while completing my registration system. My database connection is working properly.

Registration PHP Code:

require 'db.php';

$message = '';

if(!empty($_POST['full_name']) && !empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['confirm_password'])):

    // Enter the new user in the database
    $sql = "INSERT INTO users (full_name, email, username, password) VALUES (:email, :password)";
    $stmt = $con->prepare($sql);

  $stmt->bindParam(':email', $_POST['full_name']);
    $stmt->bindParam(':email', $_POST['email']);
  $stmt->bindParam(':email', $_POST['username']);
    $stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));

if( $stmt->execute() ):
header('Location: index.php');
    $message = 'Successfully created new user';
else:
    $message = 'Sorry there must have been an issue creating your account';
endif;

endif;

Answer 1

You are binding parameters for values which you have not included in the query,

change,

$sql = "INSERT INTO users (full_name, email, username, password) VALUES (:email, :password)";

to,

$sql = "INSERT INTO users (full_name, email, username, password) VALUES (:full_name, :email, :username, :password)";

and change,

$stmt->bindParam(':email', $_POST['full_name']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':email', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));

to,

$stmt->bindParam(':full_name', $_POST['full_name']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));

Now you are actually passing the correct values to the query.

Take note of the following:

• Ensure you are validating/sanitizing your user input.
• Ensure that you use exit with header to prevent errors.
• You are setting the value of $message but not outputting it.