Member Avatar for samaniac

Hey guys, I have been trying to create a registration page for a while now, and I just can't seem to get it right. Could any of you help me?
I currently have 3 php pages. The first is the homepage, which also includes a sign up form:

<form name="registration_form" method="post" action="register.php" onsubmit="return Validate();">
<table>
	<tr><td class="label">First Name:</td><td><input type="text" name="fname"></td></tr>
	<tr><td class="label">Last Name:</td><td><input type="text" name="lname"></td></tr>
	<tr><td class="label">E-Mail Address:</td><td><input type="text" name="email"></td></tr>
	<tr><td class="label">Username:</td><td><input type="text" name="username"></td></tr>
	<tr><td class="label">Password:</td><td><input type="password" name="password"></td></tr>
	<tr><td class="label">Password Confirmation:</td><td><input type="password" name="password_confirmation"></td></tr>
	<tr><td class="label"><input type="submit" value="Register"></td></tr>
	</form>
	</table>
	<script language = "Javascript">
  
function Validate()
{
    if (document.registration_form.fname.value == '') 
    {
        alert('Please fill in your  first name!');
        return false;
    }
    if (document.registration_form.lname.value == '') 
    {
        alert('Please fill in your last name!');
        return false;
    }
    if (document.registration_form.email.value == '') 
    {
       alert('Please fill in your email address!');
       return false;
    }
    if (document.registration_form.username.value == '') 
    {
        alert('Please fill in your desired username!');
        return false;
    }
    if (document.registration_form.password.value == '') 
    {
       alert('Please fill in your desired password!');
      return false;
    }
    if (document.registration_form.password_confirmation.value == '') 
    {
       alert('Please fill in your password again for confirmation!');
      return false;
    }
    if (document.registration_form.password.value != 
    document.registration_form.password_confirmation.value) 
    {
        alert("The two passwords are not identical! "+
        "Please enter the same password again for confirmation");
        return false;
    }
    
    return true;
}

Also there is the register.php page:

<body>
<?php 
include("dbConfig.php");
$email = "' . $_POST['email'] . '";
$result = mysql_query("SELECT email FROM users WHERE
email='$name'",$db);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0){
print"Your e-mail already has an account here, please try another e-mail address."
}
else{
$insert_query = 'insert into 	users (
					fname,
					lname
					email,
					username,
					password
					) 
					values
					(
					"' . $_POST['fname'] . '", 
					"' . $_POST['lname'] . '",
					"' . $_POST['email'] . '",
					"' . $_POST['username'] . '",
					"' . md5($_POST['password']) . '"
					)';

mysql_query($insert_query);
echo "You have succesfully signed up!";
}
?>
<?php
</body>

And finally there is the dbConfig.php page which has my database info:

<?php
$host = "localhost";
$user = "****";
$pass = "********";
$db   = "jmtdy";
 

$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}
 

mysql_select_db($db);
?>
  • 2 Contributors
  • 1 Reply
  • 154 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by drjohn
Member Avatar for drjohn

$result = mysql_query("SELECT email FROM users WHERE email='$name'",$db);

Your form is not passing any variable called $name, and also you haven't even collected the data from the form at this point - your $_POST bits come after this, so even if it was a variable on the form, you can't yet use it.


Also, you are not sanitising any of your form data, but are passing it directly to the database!!! Very risky indeed.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.