I am currently working on a register page for my website. I just need some help as i'm unsure why when i enter the registration details (only 2 fields) it goes to the thank you page, but when i check my database there is not new record under USERS. Below is my code:
<?php
$host="*********"; // Host name
$username="**********"; // Mysql username
$password="**********"; // Mysql password
$db_name="arihealthinfo"; // Database name
$tbl_name="USERS"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$ParticipantID=$_POST["ParticipantID"];
$password=$_POST["UserPass"];
$sql = "SELECT ID FROM USERS WHERE ID = '$participantID'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==0)
{
$sql = "INSERT INTO USERS (ID, PASSWORD) VALUES ('$participantID', '$password')";
echo "Thank you for registering, you can now login:";
?>
<a href= http://www.arihealth.info/index.php>Login Page.</a>
<?php
} else {
echo "Your ID has already been registered:";
?>
<a href= http://www.arihealth.info/registerphp.php>Register Here.</a>
<?php
}
?>
Because you just write your query not execute it. Use mysql_query()
$sql = "INSERT INTO USERS (ID, PASSWORD) VALUES ('$participantID', '$password')";
mysql_query($sql);
Also
$participantID!=$ParticipantID
Change your select query to
$sql = "SELECT ID FROM USERS WHERE ID = '$ParticipantID'";
Your query is open for sql injection check How can I prevent SQL injection in PHP?
Don't store plain password in to database check
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/faq.passwords.php
Note :- mysql is deprecated instead use mysqli OR PDO
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments