0

I have a registration script written in PDO. The user is supposed to be re-directed after signing up, but instead, they stay on the same page.

Here's my database connection:

$db_username = "username";
$db_password = "password";

$con = new PDO("mysql:host=localhost;dbname=database", $db_username, $db_password);

Here's my registration script:

<?php

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];

if (empty($username)) {
    $errorusername = 'Please enter a username';
}else{

    if (empty($password)) {
        $errorpassword = 'Please enter a password';
    }else{

        if (empty($email)) {
            $erroremail = 'Please enter an email.';
        }else{

            $password = md5($password);

            $checkusername = $stmt = $con->prepare("SELECT * FROM users WHERE username=':username'");
            if (mysqli_num_rows($checkusername) == 1)
            {
                echo "Username already exists.";
            }else{

                $status = 'Hello there!';
                $about = 'Hello!';

                $stmt = $con->prepare("INSERT INTO users (username, password, email, status, about) VALUES (:username, :password, :email, :status, :about)");

                $stmt->bindParam(':username', $_POST['username']);
                $stmt->bindParam(':password', md5($_POST['password']));
                $stmt->bindParam(':email', $_POST['email']);
                $stmt->bindParam(':status', $status);
                $stmt->bindParam(':about', $about);
                $stmt->execute();

                header('Location: index.php');
            }
        }
    }
}
}

?>

<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="email" name="email">
<?php echo $errorusername = !empty($errorusername) ? $errorusername : ''; ?>
<?php echo $errorpassword = !empty($errorpassword) ? $errorpassword : ''; ?>
<?php echo $erroremail = !empty($erroremail) ? $erroremail : ''; ?>
<input type="submit" name="submit">
</form>

Also, I only just switched my code from MYSQLI to PDO - are there any obvious errors as I'm not fully experienced with it.

wogsland
  • 9,106
  • 19
  • 57
  • 93
thebob23
  • 1
  • 1

1 Answers1

0

use your select statement like below -

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];

if(empty($username)) {
$errorusername = 'Please enter a username';
}else{

if(empty($password)) {
$errorpassword = 'Please enter a password';
}else{

if(empty($email)) {
$erroremail = 'Please enter an email.';
}else{

$password = md5($password);

$stmt = $con->prepare("SELECT * FROM users WHERE username=':username'");
$stmt->bindParam(':username', $username);
$stmt->execute();
$total = $stmt->rowCount();
if($total == 1)
{
echo "Username already exists.";
}else{

$status = 'Hello there!';
$about = 'Hello!';


$stmt = $con->prepare("INSERT INTO users (username, password, email, status, about) VALUES (:username, :password, :email, :status, :about)");

$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', md5($_POST['password']));
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':status', $status);
$stmt->bindParam(':about', $about);
$stmt->execute();

header('Location: index.php');
}
}
}
}
}

?>

<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="email" name="email">
<?php echo $errorusername = !empty($errorusername) ? $errorusername : ''; ?>
<?php echo $errorpassword = !empty($errorpassword) ? $errorpassword : ''; ?>
<?php echo $erroremail = !empty($erroremail) ? $erroremail : ''; ?>
<input type="submit" name="submit">
</form>
Martin
  • 22,212
  • 11
  • 70
  • 132
Aman Attari
  • 181
  • 3
  • 12