Hey guys, I have been trying to create a registration page for a while now, and I just can't seem to get it right. Could any of you help me?
I currently have 3 php pages. The first is the homepage, which also includes a sign up form:

<form name="registration_form" method="post" action="register.php" onsubmit="return Validate();">
<table>
	<tr><td class="label">First Name:</td><td><input type="text" name="fname"></td></tr>
	<tr><td class="label">Last Name:</td><td><input type="text" name="lname"></td></tr>
	<tr><td class="label">E-Mail Address:</td><td><input type="text" name="email"></td></tr>
	<tr><td class="label">Username:</td><td><input type="text" name="username"></td></tr>
	<tr><td class="label">Password:</td><td><input type="password" name="password"></td></tr>
	<tr><td class="label">Password Confirmation:</td><td><input type="password" name="password_confirmation"></td></tr>
	<tr><td class="label"><input type="submit" value="Register"></td></tr>
	</form>
	</table>
	<script language = "Javascript">
  
function Validate()
{
    if (document.registration_form.fname.value == '') 
    {
        alert('Please fill in your  first name!');
        return false;
    }
    if (document.registration_form.lname.value == '') 
    {
        alert('Please fill in your last name!');
        return false;
    }
    if (document.registration_form.email.value == '') 
    {
       alert('Please fill in your email address!');
       return false;
    }
    if (document.registration_form.username.value == '') 
    {
        alert('Please fill in your desired username!');
        return false;
    }
    if (document.registration_form.password.value == '') 
    {
       alert('Please fill in your desired password!');
      return false;
    }
    if (document.registration_form.password_confirmation.value == '') 
    {
       alert('Please fill in your password again for confirmation!');
      return false;
    }
    if (document.registration_form.password.value != 
    document.registration_form.password_confirmation.value) 
    {
        alert("The two passwords are not identical! "+
        "Please enter the same password again for confirmation");
        return false;
    }
    
    return true;
}

Also there is the register.php page:

<body>
<?php 
include("dbConfig.php");
$email = "' . $_POST['email'] . '";
$result = mysql_query("SELECT email FROM users WHERE
email='$name'",$db);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0){
print"Your e-mail already has an account here, please try another e-mail address."
}
else{
$insert_query = 'insert into 	users (
					fname,
					lname
					email,
					username,
					password
					) 
					values
					(
					"' . $_POST['fname'] . '", 
					"' . $_POST['lname'] . '",
					"' . $_POST['email'] . '",
					"' . $_POST['username'] . '",
					"' . md5($_POST['password']) . '"
					)';

mysql_query($insert_query);
echo "You have succesfully signed up!";
}
?>
<?php
</body>

And finally there is the dbConfig.php page which has my database info:

<?php
$host = "localhost";
$user = "****";
$pass = "********";
$db   = "jmtdy";
 

$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}
 

mysql_select_db($db);
?>

$result = mysql_query("SELECT email FROM users WHERE email='$name'",$db);

Your form is not passing any variable called $name, and also you haven't even collected the data from the form at this point - your $_POST bits come after this, so even if it was a variable on the form, you can't yet use it.


Also, you are not sanitising any of your form data, but are passing it directly to the database!!! Very risky indeed.