I created a registration system for my website but it is not working. When I click sign up it takes me to the process page and gives me the else statement, but the information goes into the database but gives me the else statements. Also, when the information goes into the database more than one user goes in.
signup.php :
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post" action="process2.php">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="Password" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="Password2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<h3 style="font-size: 20px"><a href="register.php">Go Back To Home Screen</a></h3>
</body>
</html>
process2.php:
<?php
include("db.php");
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
mysqli_query($conn, $sql);
}
if($username > 0){
echo"This username is in use";
} else {
}
}
?>
This is a suggestion and I am sure the eagle-eyed Fred-ii- will spot the errors in it, but I believe this to handle the ifs and elses fully.
Remember to close connection and sanitize anything submitted from your form before it goes anywhere near your database.
It might be better to evaluate non-matching passwords on the registration page itself with JavaScript rather than submitting the page to validate.
When the registration page is included you could put the error on that and keep the values in the text fields if you wanted to - so they could edit what they put in. Fixing a length might give hackers less leeway to submit nasties. So, instead of echoing the message you could make it
$return_message =
and have an echo on the registration page for messages.
echo $return_message;
as the value is still available to the page without it having to be re-posted until it gets corrected and re-submitted by the user.
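An added example, not part of the original answer or the asker's code: one way to combine the points above (validate and length-limit the input, keep it out of the SQL text, return a message instead of echoing). It assumes PDO with an in-memory SQLite database in place of the page's mysqli `$conn` so it runs on its own; the function name `register_user`, the column names, the UNIQUE index on `username` and the validation limits are all assumptions.

```php
<?php
// Added example: schema, function name and limits are assumptions, not the asker's.
function register_user(PDO $db, array $post): string
{
    // Reject missing or non-string fields (e.g. password[]=x) up front.
    foreach (['username', 'email', 'password', 'password2'] as $field) {
        if (!is_string($post[$field] ?? null)) {
            return 'Please fill in every field';
        }
    }
    $username = trim($post['username']);
    $email    = trim($post['email']);

    // Allow-list and length limits before anything reaches the database.
    if (!preg_match('/^[A-Za-z0-9_]{3,35}$/', $username)) {
        return 'Username must be 3-35 letters, digits or underscores';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'E-mail address is not valid';
    }
    if (strlen($post['password']) < 8 || !hash_equals($post['password'], $post['password2'])) {
        return 'Passwords must match and be at least 8 characters';
    }

    // Hash once; the confirmation field is only compared, never stored.
    $hash = password_hash($post['password'], PASSWORD_BCRYPT, ['cost' => 10]);
    try {
        // Placeholders keep form input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (username, pw, email) VALUES (?, ?, ?)');
        $stmt->execute([$username, $hash, $email]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity violation: here, the UNIQUE index.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'This username is in use';
        }
        throw $e;
    }
    return 'Registration complete';
}

// Constructed demo data on an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw TEXT, email TEXT)');
$form = ['username' => 'alice', 'email' => 'alice@example.com',
         'password' => 'correct horse', 'password2' => 'correct horse'];
$return_message = register_user($db, $form);                      // first submission
echo $return_message, "\n";
echo register_user($db, $form), "\n";                             // same username again
echo register_user($db, ['password2' => 'different'] + $form), "\n"; // mismatched passwords
```

Letting the UNIQUE index reject the duplicate avoids a separate SELECT-then-INSERT check, which two simultaneous sign-ups could both pass.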