1

I'm relatively new to web coding, but I know quite a bit, I was making a registration form earlier, which also checks if the fields are empty. It comes up OK, but nothing seems to work, when the fields are empty, the message doesn't come up, and when the fields are fine, it just loads but doesn't actually insert it into the database. Also, once I press the submit button, the form just disappears as well. Any help would be much appreciated.

<form method="post">
<?php
if(isset($_POST['submit'])){
    $username=$_POST['username'];
    $password=$_POST['password'];
    $password=md5(hash("sha512",$password));
    if(empty($username) or empty($password)){
        $message="Please enter information into the fields.";
    } else {
        mysql_query("INSERT INTO `users` VALUES('',$username,$password)");
        $message="Register successful!";
    }
    echo "<div id='box>$message</div>";
}
?>
Username: <input type="text" name="username" /><br>
Password: <input type="password" name="password" /><br>
<input type="submit" name="submit" value="Sign Up">
</form>
Improve this question
4
  • Stop using mysql_* functions, it will be deprecated soon. And you have to escape the inputs from the user's input. Commented Feb 22, 2014 at 18:26
  • Thanks, how do i do that? Commented Feb 22, 2014 at 18:30
  • read this: in2.php.net/manual/en/mysqli.real-escape-string.php Commented Feb 22, 2014 at 18:35
  • just change $username= mysql_real_escape_string($_POST['username']);$password=mysql_real_escape_string($_POST['password']); in2.php.net/mysql_escape_string But i suggest to use mysqli or PDO. Commented Feb 22, 2014 at 18:40

5 Answers 5

Reset to default
2

It looks like you are not printing out mysql errors, you just need to add or die(mysql_error()); at the end of the query as in my example i did. Anyway you should surround your strings with quotes. The page came out blank when you press because if condition is met. So change as follow

mysql_query("INSERT INTO `users` VALUES('','$username','$password')") or die(mysql_error());

As side note i would stop using mysql_ function since they are derecated and use instead either PDO or mysqli with prepared statements to avoid any risk of mysql injections since your code is highly vulnerable. LEARN MORE HERE

As CodeBird correctly stated

md5 of an empty string will return a 32 chars string, so the password you are testing will never be empty

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

You should add that md5 of an empty string, returns a 32 chars string, so actually the password he's testing is never empty
Hi, I changed the query but I am getting the error of 'No Database Selected' - however, this is my connect code, what is wrong with it? $con = mysqli_connect("localhost","root","password","follow");
So you are not connected to database, check this stackoverflow.com/questions/6326696/…
So add the second part about mysql_select_db
1

Change the query statement to

mysql_query("INSERT INTO `users` VALUES('','$username','$password')");

Start using mysqli_* functions instead of mysql_* as the latter are deprecated

Improve this answer

Comments

1 
check this out "(`id`, `username`, `password`)" example column name use what you have made it.
<?php
if(isset($_POST['submit']))
{
    $username=$_POST['username'];
    $password=$_POST['password'];
    enter code here
    if(empty($username) || empty($password)){
        $message="Please enter information into the fields.";
    } else {
        $password=md5(hash("sha512",$password));
        mysql_query("INSERT INTO `users` (`id`, `username`, `password`) VALUES('','$username','$password');");
        $message="Register successful!";
    }
    echo "<div id='box'>".$message."</div>";
}
?>
<form method="post" action="">
    <input type="text" name="username" /><br>
    <input type="password" name="password" /><br>
    <input type="submit" name="submit" value="Sign Up">
</form>
Improve this answer

Comments

0

Your insert query is wrong, use:

INSERT INTO tablename (col1, col2) VALUES('data1', 'data2' )

Or you can use

INSERT INTO tablename SET col1 = "data1", col2 = "data2"
Improve this answer

Comments

0

You are having an issue because you are misusing empty()

A variable is considered empty if it does not exist or if its value equals FALSE

Also you should use double-pipes || for or in your if()

This:

if(empty($username) or empty($password)){

Should be:

if($username === '' || $password === ''){
Improve this answer

1 Comment

Hi, I just did that, and tried it but as I said in the question, the area is going blank, so still no error message, is there any way to solve this?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.