Need PHP HTML help with register form
Question
here is some code that I plan on using in a registration form for my site
<?php
session_start();
include ("includes/config.php");
if ($Authenticated == False) {
?>
<div id="register">
<form action="index.php?page=register" method="post">
<lable id="registerStuff"> Name: </>
<input id="registerIn" type='text' name='name' maxlength="20" />
<br/>
<lable id="registerStuff"> Surname: </>
<input id="registerIn" type='text' name='surname' maxlength="20" />
<br/>
<lable id="registerStuff"> Username: </>
<input id="registerIn" type='text' name='username' maxlength="20" />
<br/>
<lable id="registerStuff"> Password: </>
<input id="registerIn" type='password' name='password' maxlength="20" />
<br/>
<lable id="registerStuff"> Retype Password: </>
<input id="registerIn" type='password' name='passwordcheck' maxlength="20" />
<br/>
<input type='submit' value='Register'>
<br/>
</form>
</div>
<?php
$name = mysql_real_escape_string($_POST['name']);
$surname = mysql_real_escape_string($_POST['surname']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$passwordcheck = mysql_real_escape_string(md5($_POST['passwordcheck']));
if ($username OR $password OR $passwordcheck != null) {
if ($password == $passwordcheck) {
$query = "INSERT INTO users (name, surname, username, password) VALUES ('" . $name . "', '" . $surname . "', '" . $username . "', '" . $password . "')";
$result = mysql_query($query);
if (!$result) {
echo "Username wrong";
}
} else {
echo "passwords didnt match";
}
}
}
if ($Authenticated == True) {
header("Location: index.php");
}
?>
I cant seem to get proper error messages working, I need to check if the 2 passwords entered are identical, I also need to make sure that no blanks can be entered into the DB. If anyone could help me at all it would be much appreciated
2 answers
solution1
2 ACCPTED 2011-07-12 16:27:42
You made quite a common mistake I guess. Most beginners seem to want to write as little code as possible. However, in this case that doesn't work. You will have to check each variable for emptiness.
Your code would be correct when you changed your if construct:
if ($username != "" AND $password != "" AND $passwordcheck != "") {
}
However, to make the code look a bit slighter, it's probably best to just use the function empty() that returns TRUE if the variable is empty:
if (!empty($username) AND !empty($password) AND !empty($passwordcheck)) {
}
solution2
1 2011-07-12 16:29:14
Very interesting code you have there. I would suggest, before asking people here to write more than half of your script, to Google "PHP Login Script" - this is the number one result and the answer to your question.
$sql="SELECT * FROM $tbl_name
WHERE username='$myusername' AND password='$mypassword'";
$result=mysql_query($sql);
With that said, this is the incorrect way of doing it and you should look into prepared statements. Since you're starting off, you probably should start of with a security mindset.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.