The error code "You cant sign up at this time, try again later" keeps popping up anytime anyone tries to register. What could be wrong?




0){
while($result = mysqli_fetch_assoc($run_query334)){
$who = $result['username'];
}
}else{
header("location: index.php");
}
}else{
$who = "none";
}
?>
0){
$message_failure = "Registration failed try again";
}else{
$query1 = "SELECT * FROM registration WHERE email = '{$email}'";
$run_query1 = mysqli_query($connection, $query1);

if(mysqli_num_rows($run_query1) > 0){
$message_failure = "Email already exists";
}else{
$query22 = "SELECT * FROM registration WHERE username = '{$username}'";
$run_query22 = mysqli_query($connection, $query22);

if(mysqli_num_rows($run_query22) > 0){
$message_failure = "Username already exists";
}else{
$query55 = "INSERT INTO registration (first_name,last_name,email,password,user_pass,phone,referal,username,wallet,who_refered,reg_date,reg_time,block) VALUES ('{$fname}','{$lname}','{$email}','{$password}','{$pass}','{$phone}','{$rand4}','{$username}','{$rand}','{$who}','{$reg_date}','{$time2}','{$block}')";
$run_query55 = mysqli_query($connection, $query55);

if($run_query55 == true){
$query = "UPDATE registration SET status = '{$online}' WHERE email = '{$email}'";
$run_query = mysqli_query($connection, $query);

$query578 = "SELECT * FROM registration WHERE email = '{$email}' AND username = '{$username}'";
$run_query578 = mysqli_query($connection, $query578);

$subject = "Account Opening Notification";
require'phpmailer/PHPMailerAutoload.php';
$mail = new PHPMailer;

$mail->Host='smtp.godaddy.com';
$mail->Port=465;
$mail->SMTPAuth=true;
$mail->SMTPSecure='ssl';
$mail->Username='username';
$mail->Password='password';

$mail->setFrom('support@site.com', 'site');
$mail->addAddress($email);
$mail->addReplyTo('support@site.com', 'site');

$mail->isHTML(true);
$mail->Subject='Welcome:'.$subject;
$mail->Body='

Dear '.$username.',



You have successfully created an account with the worlds leading company


we anticipate walking along this great path with you



© Copyright '.$date78.' All rights Reserved.

';

if(!$mail->send()){
$message_failure = "Registration not successful";
}else{
while($result = mysqli_fetch_assoc($run_query578)){
$user_id = $result['id'];

$_SESSION['user_id']= $user_id;
header("location: user_dashboard.php?p=dashboard");

/*$message = "You have successfully created your account, Check your email to activate your account";

header("location: login.php");*/
}
}
}else{
$message_failure = "You cant sign up at this time, try again later";
}
}
}
}
}
?>

What I have tried:

I have tried virtually anything I could think of. Right now I'm feeling dejected. Need your help guys!
Updated 4-Feb-20 13:47pm

The number of things that are wrong with that code doesn't start with the problem you have found, it's much worse than that.

Let's start with "letting your users delete your database without even registering", shall we? Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And to do it in sign in or registration code is just too silly for words!

And let's continue with passwords ... this is PHP code, so it's web based. Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it. - the code is C# but it's pretty obvious.

And remember: as this is web based, if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
 
 
Comments
nedclint 1-Feb-20 1:24am    
Wow, this is an eye opener, I'm just a rookie trying to learn on the go.
How do I solve these problems and still get the form to submit data to the database.
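
How the registration queries from the question look with parameterized queries and hashed passwords, as an added example that is not part of the original thread. `register_user()` and `password_matches()` are hypothetical helpers; the table and column names come from the question's INSERT, and the remaining columns are assumed to have defaults or to be bound the same way.

```php
<?php
// Added example: register_user() is a hypothetical helper, not the poster's code.
// Table/column names come from the question; $connection is an already-open mysqli link.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make mysqli throw on failure

function register_user(mysqli $connection, string $fname, string $lname,
                       string $email, string $username, string $plainPassword): string
{
    try {
        // Placeholders (?) keep user input out of the SQL text entirely.
        $check = $connection->prepare(
            "SELECT email, username FROM registration
             WHERE email = ? OR username = ? LIMIT 1");
        $check->bind_param("ss", $email, $username);
        $check->execute();
        $check->bind_result($foundEmail, $foundUsername);
        if ($check->fetch()) {
            $check->close();
            return strcasecmp($foundEmail, $email) === 0
                ? "Email already exists" : "Username already exists";
        }
        $check->close();

        // Store a salted one-way hash, never the clear-text password.
        $hash = password_hash($plainPassword, PASSWORD_DEFAULT);

        $insert = $connection->prepare(
            "INSERT INTO registration (first_name, last_name, email, password, username)
             VALUES (?, ?, ?, ?, ?)");
        $insert->bind_param("sssss", $fname, $lname, $email, $hash, $username);
        $insert->execute();
        $insert->close();
        return "ok";
    } catch (mysqli_sql_exception $e) {
        // Log the real database error; show the visitor only the generic message.
        error_log("registration failed: " . $e->getMessage());
        return "You cant sign up at this time, try again later";
    }
}

// Login side: check the submitted password against the stored hash in PHP,
// not with a string comparison inside the SQL statement.
function password_matches(string $plainPassword, string $storedHash): bool
{
    return password_verify($plainPassword, $storedHash);
}
```

The `password` column has to be wide enough for the hash: bcrypt output is 60 characters and the PHP manual recommends 255 for `PASSWORD_DEFAULT`. The logged exception message names the actual reason an INSERT was rejected, which the generic message shown to the visitor hides.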
Quote:
Php registration form not submitting to database

When your code doesn't behave as expected, the debugger is the tool of choice.
-----
Your code does not behave the way you expect, or you don't understand why!

There is an almost universal solution: Run your code in the debugger step by step, inspect variables.
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it doesn't know what your code is supposed to do, it doesn't find bugs, it just helps you by showing you what is going on. When the code doesn't do what is expected, you are close to a bug.
To see what your code is doing: Just set a breakpoint and see your code performing, the debugger allows you to execute lines 1 by 1 and to inspect variables as it executes.

Debugger - Wikipedia, the free encyclopedia

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide
Basic Debugging with Visual Studio 2010 - YouTube

phpdbg | php debugger
Debugging techniques for PHP programmers

The debugger is here to only show you what your code is doing and your task is to compare with what it should do.
-----
Advice: Learn to indent your code properly, it shows its structure and it helps reading and understanding. It also helps spotting structural mistakes.

Indentation style - Wikipedia

Professional programmers' editors have this feature and other ones such as parenthesis matching and syntax highlighting.
Notepad++ Home
ultraedit
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


