I just made a register script from scratch, but I’m still going to improve it. Basically I’m testing it first before I improve it – somehow, it doesn’t work…
if(isset($_POST['submit']))
{
$username = mysql_escape_string(trim($_POST['login']));
$password = $_POST['password'];
$vpassword = $_POST['vpassword'];
$email = mysql_escape_string(trim($_POST['email']));
$vemail = mysql_escape_string($trim($_POST['vemail']));
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("jS F Y");
if(!empty($username) || !empty($password) || !empty($vpassword) || !empty($email) || !empty($vemail))
{
if($password == $vpassword && $email == $vemail)
{
$sql = "SELECT username FROM members WHERE username='" . $username . "'";
$result = mysql_query($sql) or die(mysql_error());
if(mysql_affected_rows($result) == 1)
{
echo "The account already exists!";
}
else
{
$sql = "INSERT INTO members
(username, password, email, ip, level, type, signed, hide, hidemail, avatar, notes)
VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $ip . "', '0', '0', '" . $date . "', '1', '1', '', '')";
$result = mysql_query($sql) or die(mysql_error());
}
}
else
{
echo "Please check the fields so that they match";
}
}
else
{
echo "Check the missing fields!";
}
if($result)
{
echo "Account created successfully!";
}
else
{
echo "Error creating account";
}
}
What could be wrong about this…?
Help is appreciated 🙂
You are checking if one of the values is not empty when you use
||. Use&&instead and. This way you are not allowing any field to be empty. So:if(!empty($username) || !empty($password) || ...This means “if any of these is not empty”. Use this instead:
if(!empty($username) && !empty($password) && ...Which means “if there are no empty fields”.