I am trying to allow for user registration, and the code comes back without any errors, but nothing shows up in my db. I can’t for the life of me find out why. I don’t see anything wrong, but maybe one of you can help me?
Here’s the full php file:
<?php
require "includes/constants.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
if(isset($_POST['username'])) {
$username = $_POST['username'];
$uLength = strlen($username);
}
if ($uLength >= 4 && $uLength <= 15)
{
}
else
{
die("Your username must be between 4 and 15 characters.");
}
if($username == "")
{
die("You didn't tell me what to call you! Please enter a username.");
}
if(isset($_POST['pwd'])) {
$pwd = $_POST['pwd'];
$pLength = strlen($pwd);
}
if ($pLength >= 6 && $pLength <= 41)
{
}
else
{
die("Password must be between 6 and 41 characters.");
}
if($pwd == "")
{
die("Please enter a password and verify it.");
}
if(isset($_POST['pwd_conf'])) {
$pwd_conf = $_POST['pwd_conf'];
}
if($pwd != $pwd_conf)
{
die("Ouch! Your passwords don't match! Try again.");
}
if(isset($_POST['email'])) {
$email = $_POST['email'];
$email1 = "@";
$email_check = strpos($email,$email1);
}
$user_check = "SELECT username FROM users WHERE username='$username'";
if($stmt = mysqli_prepare($conn,$user_check)) {
mysqli_stmt_execute($stmt);
if(mysqli_stmt_num_rows($stmt) > 0){
die("Username is already in use!<br>");
}
}
$query = "INSERT INTO users (username, password, email) VALUES ('$username', '$pwd', '$email')";
if(!$query)
{
die("Unfortunately, we can't sign you up because we have problems: ".mysql_error());
}
else
{
header("Location: login.php");
}
?>
You build a query string, but then never never execute it…
Also note that you’re mixing mysqli and mysql calls (mysql_error call in particular after you define the INSERT query.. The two libraries are NOT interchangeable and NOT compatible with each other
Also note that while you ARE using prepared statements (yay!) you’re using them utterly incorrectly (boo hiss) and are vulnerable to SQL injection attacks.