0

I am validating my form using jquery and after the form is left with no errors, I want to insert the data into the database but for some reasons, it is not working properly. Can you help me find out my mistake. Thanks,

The JQuery is 

$.post('register_user.php',
                    {
                    'name' : name,
                    'email' : email,
                    'password': password
                    }, 
                    function(data) {
                            if(data == "success"){
                                alert("success");
                            } else if(data == "fail"){
                                alert("fail");
                            }
                    });

THE PHP

            $name = $_POST['name']; //else assign it a variabl
         $email = $_POST['email'];
        $password = $_POST['password'];

    $sql = "SELECT email FROM users WHERE LOWER(email) = '" . $email . "'";
    $result = mysql_query($sql) or die("Could not get email: " . mysql_error());

    if(mysql_num_rows($result) > 0) {
        //email is already taken
    }
    else {
        $query = mysql_query("INSERT INTO `users` ( `name`, `email`, `password`) VALUES ( '$name', '$email', '$password')") or die(mysql_error());
        $result2 = mysql_result($query);
        if((mysql_affected_rows($result2) ==1){
            echo 'success';
        } else {
            echo 'fail';
            }
    }
Improve this question
5
  • "it is not working properly" - not good enough, explain the exact issue(s) in detail. Commented Feb 19, 2014 at 16:56
  • Sorry, but yeah the query is not inserting into database. It did for one or two time but now it is not inserting the data into database Commented Feb 19, 2014 at 16:57
  • Make sure you also do validation on in your PHP code else you might be vulnerable to SQL injection. Commented Feb 19, 2014 at 16:58
  • Yeah I added code before but it was not working so I removed it for the time being Commented Feb 19, 2014 at 16:58
  • If you can, move away from mysql to mysqli or PDO. Commented Feb 19, 2014 at 16:58

1 Answer 1

Reset to default
1

I dont have enough rep yet to comment, so I'll have to put this as an answer.

Step 1: Echo (or print) out what you can. Add echo inside your logic, like where you have: //email is already taken Also echo out the POST variables.

If they all look OK, you should try to echo out your queries. Eg. copy your query line that is like:

$query = mysql_query("INSERT INTO `users` ( `name`, `email`, `password`) VALUES ( '$name', '$email', '$password')")

Then paste it and change it to:

echo "INSERT INTO `users` ( `name`, `email`, `password`) VALUES ( '$name', '$email', '$password')";

Then if this looks bad, it's your query.. You can of course test the output in mysql directly via phpmyadmin or ssh to your server and run the commands through the console (if they give you shell access)

If you manage to get this to work, as some others commented: mysqli or pdo should be your next steps. You also need to do some basic stuff, even though that will take care of mysql injection.

You are still vunerable to XSS and also simply things like whitespace at the end of the email (users often get this, when they copy stuff and insert it into forms).

You can solve some of it by some helper functions you make in PHP, like:

function cleanData($data) {
    return strip_tags(trim($data));
}

That was a very simple sample by me, you can also add other parameters to the function, like casing. Then you can switch the casing and do strtolower, strtoupper, ucwords(strtolower(, etc. And you can then simply wrap your variables inside the function :-)

Btw. E-Mail I would check with regular expressions. Also dont let JS / client side code do the input validation, as it's very easy to manipulate the DOM, or even post from an alternative source. You have to think of this data as "dirty", as it's easy to tamper with.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.