My code is below:

<?php

require("db.php");

if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])){

    //prevent SQL injections
    $username = mysql_real_escape_string($_POST['username']);
    $email = mysql_real_escape_string($_POST['email']);

    //get MD5 hash of password
    $password = md5($_POST['password']);

    //check to see if username exists
    $sql = mysql_query("SELECT Username FROM Users WHERE Username = '".$username."'");

    if(mysql_num_rows($sql)>0){
        die ("Username taken. Please pick a different Username");
    }

    mysql_query("INSERT INTO Users (Username, Password, Email, UserType)
                VALUES ('$username','$password','$email','3')") 
        or die (mysql_error()); 

    echo "Account Created.";
}    
?>

<html>
    <form action="register.php" method="post">
        Username: <input name="username" ID="username" type="text"/><br>
        Password: <input name"password" id="password" type="password"/><br>
        Email: <input name="email" id="email" type="text" /><br>
        <input type = "submit" value = "Submit"/>

    </form>

</html>

I'm unsure as to why my users aren't being created. I've tried researching for the last few hours, but I'm not sure why this is erroring... it looks right to me...

If anyone could be of any help, that would be great. Thanks.

EDIT:

<?php

session_start();

$host="<myDBHost>"; // Host name 
$localusername="<myDBusername>";
$localpassword="<myDBpassword";
$database_name="<mydbName>";

mysql_connect("$host", "$localusername", "$localpassword")
    or die("An error occured while establishing a connection to the DB.");
mysql_select_db($database_name);
Deo
  • Do you get an error? What error does it show? – Jefferson Jan 15 '13 at 00:42
  • Do not use `md5()` on passwords. You should use a salt and hashing algorithm. And [**please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – ROY Finley Jan 15 '13 at 00:43

1 Answer

See how you set the use of a variable here:

"SELECT Username FROM Users WHERE Username = '".$username."'"

You need to always do this throughout your script:

"INSERT INTO Users (Username, Password, Email, UserType)
            VALUES ('".$username."','".$password."','".$email."','3')"

There are other ways to do this, but just choose one and stick with it.

And as I stated above:

Do not use md5() on passwords. You should use a salt and hashing algorithm. And please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Okay, this is a frame based off of your code that will help you get started in the right direction with mysqli. Remember, you still need to always validate user input and also hash and salt the password. There are also better ways to display your errors. I did them this way to help you debug your script.

<?php
session_start();
define("DB_HOST", "your host");
define("DB_USERNAME", "your username");
define("DB_PASSWORD", "your password");
define("DB_NAME", "database name");

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
{
    $Mysqli = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);
    if ($Mysqli->connect_errno)
    {
        // stop here: nothing below can work without a connection
        die("Failed to connect to MySQL: (" . $Mysqli->connect_errno . ") " . $Mysqli->connect_error);
    }
    //prevent SQL injections you should validate these with form validation functions
    $username = $_POST['username'];
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false)
    {
        // filter_var() returns false when the address is not valid
        die("Invalid email address.");
    }
    //get MD5 hash of password - this should be hashed and salted
    $password = md5($_POST['password']);
    //first query check if user name exist
    $query = "SELECT Username FROM Users WHERE Username = ?";

    if (!$stmt = $Mysqli->prepare($query))
    {
        // prepare() returned false, so the error details are on the connection object
        die("Failed to Prepare Query: (" . $Mysqli->errno . ") " . $Mysqli->error);
    }
    if (!$stmt->bind_param("s", $username))
    {
        die("Failed to bind Query: (" . $stmt->errno . ") " . $stmt->error);
    }
    if ($stmt->execute())
    {
        $stmt->store_result();
        if ($stmt->num_rows > 0)
        {
            die("Username taken. Please pick a different Username");
        }
        $stmt->free_result();
    }
    $stmt->close();
    //second query put user in database
    $query = "INSERT INTO Users (Username, Password, Email, UserType) VALUES (?,?,?,?)";

    if (!$stmt = $Mysqli->prepare($query))
    {
        die("Failed to Prepare Query: (" . $Mysqli->errno . ") " . $Mysqli->error);
    }
    // bind_param() takes its arguments by reference, so the user type must be a variable
    $userType = 3;
    if (!$stmt->bind_param("sssi", $username, $password, $email, $userType))
    {
        die("Failed to bind Query: (" . $stmt->errno . ") " . $stmt->error);
    }
    if ($stmt->execute())
    {
        echo "Account Created.";
    }
    else
    {
        echo "Could not create account at this time.";
    }
    $stmt->close();
}
else
{
    // show the form; every input needs a name="..." attribute or PHP never receives its value
?>

<html>
    <form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
        Username: <input name="username" id="username" type="text"/><br>
        Password: <input name="password" id="password" type="password"/><br>
        Email: <input name="email" id="email" type="text" /><br>
        <input type="submit" value="Submit"/>

    </form>

</html>

<?php
}
?>
Zoe
ROY Finley
  • You are welcome, hope it helps, and here is a link to [Hashing Passwords](http://crackstation.net/hashing-security.htm#phpsourcecode) – ROY Finley Jan 15 '13 at 00:57
  • Oops, unable to edit: I didn't notice that mysql_* functions were deprecated (I just started using PHP today). Do you know why my code, even though I have tried your suggestion multiple times (in pure frustration) still doesn't work? – Deo Jan 15 '13 at 01:06
  • No errors I can see. I've even tried adding an echo after the query to see if I can get ANYTHING, but after I hit "submit" it literally does nothing but reset everything to default. – Deo Jan 15 '13 at 01:16
  • Make sure your connection to MySQL is there. How are you connecting in db.php? – ROY Finley Jan 15 '13 at 01:26
  • I have edited my above post to include the connection portion of my db.php. Thanks for looking. – Deo Jan 15 '13 at 01:31
  • Give me a few minutes, I will help. – ROY Finley Jan 15 '13 at 01:32
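
An added example, not part of the original question or answer: a registration routine that follows the advice in this thread, with `password_hash()` in place of `md5()` and a mysqli prepared statement in place of string-built SQL. It assumes a UNIQUE index on `Users.Username` (so the duplicate check cannot race between a SELECT and the INSERT) and a `Password` column of at least VARCHAR(255); the function name `register_user` and the length limits are hypothetical.

```php
<?php
// Added example (not from the original post). Assumptions: the Users table has
// a UNIQUE index on Username and a Password column of at least VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

const MYSQL_ER_DUP_ENTRY = 1062; // MySQL error code for a unique-key violation

/**
 * Hypothetical helper: returns null on success, or a message safe to show the user.
 */
function register_user(mysqli $db, string $username, string $password, string $email): ?string
{
    $username = trim($username);
    if ($username === '' || strlen($username) > 50) {   // 50 is an assumed column width
        return "Username must be 1-50 characters.";
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return "Invalid email address.";
    }
    if (strlen($password) < 8) {                         // assumed minimum length
        return "Password must be at least 8 characters.";
    }

    // password_hash() generates a random salt and stores it inside the hash string;
    // check it at login with password_verify($input, $storedHash).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $userType = 3; // bind_param() binds by reference, so it needs a variable

    $stmt = $db->prepare(
        "INSERT INTO Users (Username, Password, Email, UserType) VALUES (?, ?, ?, ?)"
    );
    $stmt->bind_param("sssi", $username, $hash, $email, $userType);

    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === MYSQL_ER_DUP_ENTRY) {
            return "Username taken. Please pick a different Username";
        }
        error_log("register_user failed: " . $e->getMessage()); // details stay server-side
        return "Could not create account at this time.";
    } finally {
        $stmt->close();
    }
    return null;
}
```

Letting the unique index reject duplicates replaces the separate "does this username exist" query, and logging the database error instead of echoing it keeps schema details out of the response.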