I have added the $random in line 53 and '$random','0' in line 57 inside the (). In the database I have added random and activated with a boolean value, which is 0 or 1, and when I click the preview/debug in browser button it shows me this: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\site 2\register.php on line 22
Please fill in all fields!

When I click the register link on another page, it opens normally, not like this. Where is the problem?

$submit = @$_POST['submit'];
//form data
$fullname = strip_tags (@$_POST['fullname']);
$username = strtolower(strip_tags (@$_POST['username']));
$password= strip_tags(@$_POST['password']);
$repeatpassword = strip_tags(@$_POST['repeatpassword']);
$date =date("Y-m-d");
if ($submit)
// open database
$connect = mysql_connect("localhost","root","");
mysql_select_db("phplogin");  // select database
$namecheck = mysql_query("SELECT username FROM users WHERE username='$username'");
$count = mysql_num_rows($namecheck);

if ($count !=0)
die ("Username is already taken!");


// check for existance


//chechk char length of username and fullname
if (strlen($username)>25||strlen ($fullname)>25)
echo ("Length of username or fullname is too long!");
//check password length
if(strlen($password)>25||strlen ($password)<6)
 echo ("Password must be  between 6 and 25 characters");
//register the user!

//encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);

//generate random number for activation processes
$random = rand(23456789,98765432);

$queryreg =mysql_query("
INSERT INTO users VALUES ('','$fullname','$username','$password','$date','$random','0')
die ("You have been registered!<a href='index.php'> Return to Login page</a>");



 echo ("Your password do nat match!");
 echo("<b>Please fill in all</b> fields!");


Edited by deceptikon: Changed to a discussion thread

4 Years
Discussion Span
Last Post by Atli

That error is shown when you assume that a mysql_query() call is successful, when in fact it fails. Functions like mysql_num_rows() expect a valid MySQL resource, which the mysql_query() function only returns if the query is successful. Otherwise it returns FALSE.

You should always test for that and trigger an error if it happens, so you can debug it properly.

$sql = "SELECT invalid query";
$result = mysql_query($sql);
if (!$result) {
    // mysql_query() returned FALSE: report why instead of passing it on
    trigger_error("Query failed: " . mysql_error(), E_USER_ERROR);
}

// Now you can do stuff like
if (mysql_num_rows($result) == 42) {
    // ...
}

Also, your code is wide open to SQL Injection attacks. Before you do anything else, you should read this page. (Seriously! If you don't take SQL Injection seriously, you're setting your site up for all sorts of potentially fatal security issues.)
- PHP: SQL Injection


You need to learn what the code does, not just where you should paste it. What I posted was an example of a proper way to handle queries made through the MySQL API. It was not meant as a "copy/paste" snippet that you could just drop into your code without knowing what is happening.

Study what I did and try to understand it. Once you do, you should see right away how to apply it. If you're having problems doing that, I'll be more than happy to explain it further.

And, again, about how you use the user input!

I'd like to reiterate my point about the SQL Injection problem in your code. Until you understand what that is and how you can prevent it, you shouldn't go anywhere near code that handles sensitive info like usernames and passwords.

And on the subject of passwords...

You should not be using the MD5 hashing algorithm to hash user passwords. It's far too weak an algorithm to be used for securing sensitive info. Consider using one of the SHA2 variants, or Whirlpool.

// BAD! Very Very bad!
$pwdHash = md5($_POST["password"]);

// A bit better (But still pretty bad!)
$pwdHash = sha1($_POST["password"]);

// Much better
$pwdHash = hash("sha256", $_POST["password"]);

// Much much better
$pwdHash = hash("sha512", $_POST["password"]);

// Good!
$salt = 'l:Z=|Lf{hc>H$ragqZ>Q3Zv2'; // single quotes, so $ragqZ is not treated as a variable
$pwdHash = hash_hmac("sha512", $_POST["password"], $salt);

In that last example, the $salt value is used to further complicate the hash, to (theoretically) make it harder to crack. Ideally it should be unique per user, but if you don't feel like implementing that you should at least create one salt to be used on all passwords.

Of course, hashing has its limitations and there are safer ways to store passwords than the ones I suggested above. One that is considered ideal for passwords is the bcrypt method. I suggest you read this article on hashing if you are planning to store user passwords on your site.
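The points raised in this thread (check that the query succeeded, keep user input out of the SQL text, hash with bcrypt) combined in one registration routine, as an added example that is not part of the thread or any poster's code. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the table layout and the function names `register_user` and `check_login` are hypothetical.

```php
<?php
// Added example: schema, function names and sample users are assumptions.
function register_user(PDO $pdo, string $fullname, string $username, string $password): string
{
    if ($fullname === '' || $username === '' || $password === '') {
        return 'Please fill in all fields!';
    }
    if (strlen($username) > 25 || strlen($fullname) > 25) {
        return 'Length of username or fullname is too long!';
    }
    if (strlen($password) < 6 || strlen($password) > 25) {
        return 'Password must be between 6 and 25 characters';
    }

    // The placeholder keeps the username out of the SQL text entirely.
    $check = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $check->execute([$username]);
    if ((int) $check->fetchColumn() !== 0) {
        return 'Username is already taken!';
    }

    // bcrypt: a per-user salt is generated and stored inside the hash string.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $insert = $pdo->prepare(
        'INSERT INTO users (fullname, username, password_hash, registered) VALUES (?, ?, ?, ?)'
    );
    $insert->execute([$fullname, $username, $hash, date('Y-m-d')]);
    return 'You have been registered!';
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed demo data, run against an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // a failed query throws
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fullname TEXT,
            username TEXT UNIQUE, password_hash TEXT, registered TEXT)');

echo register_user($pdo, "Pat O'Brien", "o'brien", 'correct horse'), "\n";
echo register_user($pdo, "Pat O'Brien", "o'brien", 'correct horse'), "\n";
var_dump(check_login($pdo, "o'brien", 'correct horse'));
var_dump(check_login($pdo, "o'brien", 'wrong password'));
```

The apostrophe in the sample username would break a query built by string interpolation; with placeholders it is stored and looked up as ordinary data.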
