The below code is what I am using to submit my form data. The

Question

0

Asked: June 12, 20262026-06-12T14:06:16+00:00 2026-06-12T14:06:16+00:00

The below code is what I am using to submit my form data. The

0

The below code is what I am using to submit my form data. The form submits just fine and redirects without issue.

When I look at the row data within the database, I notice that companyname, firstname, and lastname are being inserted as 0’s. I also noticed that, while the email address is being inserted into the database, it is dropping the @ and . from the address.

Any help would be appreciated.

<?php
include("inc/conf.inc.php"); // Includes the db and form info.
if (!isset($_POST['submit'])) { // If the form has not been submitted.

} else { // The form has been submitted.
    $companyname = form($_POST['companyname']);
    $firstname = form($_POST['firstname']);
    $lastname = form($_POST['lastname']);
    $username = form($_POST['emailaddress']);
    $password1 = md5($_POST['password1']); // Encrypts the password.
    $password2 = md5($_POST['password2']);

    if (($companyname == "") || ($firstname == "") || ($lastname == "") || ($username == "") || ($password1 == "") || ($password2 == "")) { // Checks for blanks.
        exit("There was a field missing, please correct the form.");
    }

    $q = mysql_query("SELECT * FROM `users` WHERE emailaddress = '$username'") or die (mysql_error()); // mySQL Query
    $r = mysql_num_rows($q); // Checks to see if anything is in the db.

    if ($r > 0) { // If there are users with the same username/email.
        exit("That email address is already in use!");
    } else {
        mysql_query("INSERT INTO `users` (companyname,firstname,lastname,emailaddress,password) VALUES ('$companyname','$firstname','$lastname','$username','$password1')") or die (mysql_error()); // Inserts the user.
    header("Location: thankyou.php"); // Back to login.
    }
}
mysql_close($db_connect); // Closes the connection.
?>




   <?php
$db_user = ""; // Username
$db_pass = ""; // Password
$db_database = ""; // Database Name
$db_host = "localhost"; // Server Hostname
$db_connect = mysql_connect ($db_host, $db_user, $db_pass); // Connects to the database.
$db_select = mysql_select_db ($db_database); // Selects the database.

function form($data) { // Prevents SQL Injection
   global $db_connect;
   $data = preg_replace('/[^A-Za-z0-9_]/', '', $data);
   $data = mysql_real_escape_string(trim($data), $db_connect);
   return stripslashes($data);
}
?>

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-12T14:06:17+00:00

Any help would be appreciated

So let me start from this 🙂
I’m sorry, but
Your code is extremely unorganized…

Let’s assume that your new config(or lib) file will be similar to this one:

File: config.php

<?php

/**
 * 
 * @param string $host Mysql host
 * @param string $user Mysql username
 * @param string $passw Mysql password
 * @param string $db Mysql database to work with 
 * @return TRUE if could connect and select given database
 */
function connect($host ='ur host', $user='ur username', $passw='ur passw', $db='ur dbname'){
  if ( !mysql_pconnect($host, $user, $passw) ){
     die("Can't connect to SQL server");
   }

  if ( mysql_select_db($db) ){
   die("Can't select database");
  }

 return true;
}

/**
 * Determine whether user has been registered before
 * @param string $email
 * @return boolean
 */
function userAlreadyExists($username){
   if ( connect() ) { //ensure we are connected
      #Prevent injection right here:
      $username = mysql_real_escape_string($username); 

      $result = mysql_query("SELECT * FROM `users` WHERE emailaddress = '$username' LIMIT 1");

      if ( mysql_num_rows($result) > 0){
         # True means that user exists
         return true;
       } else {
         #False means that user do not exists: 
        return false;
       }
   }

  /**
   * 
   * @return boolean
   * TRUE if could insert new row
   * FALSE if this row already exists or error in sql server
   */
  function addNewUser($companyname, $firstname, $lastname, $username, $password1){

  $companyname = mysql_real_escape_string($companyname);
  $firstname = mysql_real_escape_string($firstname);
  $lastname = mysql_real_escape_string($lastname);
  $username = mysql_real_escape_string($username);
  $password1 = md5($password1);

    if ( connect() ){
      return mysql_query("INSERT INTO `users`   (`companyname`,`firstname`,`lastname`,`emailaddress`,`password`) VALUES ('$companyname','$firstname','$lastname','$username','$password1')");

   }

  }

  /**
   * Function that compare password that makes sure
   * if they're the same
   */
  function pass_compare($pass1, $pass2){

    if ($pass1 !== $pass2){
       die("Passwords are not the same");
    }
    return true;
  }

File handler.php

<?php

if ( !empty($_POST) ){ //This code runs when form has been submitted 

 //Maybe we should check if some value is missing, before we connect SQL //server!? 

  #Check if some field is missing:
  foreach ($_POST as $key => $val){

    if ( empty($key) ){
      sprintf('The field %s is missing', $key);
       die();
    }
  }

  #connect mysql server
  connect();

  if (userAlreadyExists($_POST['email'])){

    die(printf('The <b>%s</b> is already in use', $_POST['email']));

  } else {

   if ( pass_compare($_POST['password'], $_POST['password_confirm']) ){  

   addNewUser($_POST['companyname'], $_POST['firstname'], $_POST['lastname'], $_POST['username'], $_POST['password']);
    }
  }


}

This will work for you

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The below code is what I am using to submit my form data. The

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply