0

This is my code for the register controller. I was adding another WHERE validation, but I just got an error. It would be my pleasure if anyone can help me.

function doInsert(){
    global $mydb;

    if(isset($_POST['submit'])){

        // Build the new customer record from the submitted form fields
        $customer = new Customer();
        $customer->FNAME            = $_POST['FNAME'];
        $customer->LNAME            = $_POST['LNAME'];
        $customer->CITYADD          = $_POST['CITYADD'];
        $customer->GENDER           = $_POST['GENDER'];
        $customer->PHONE            = $_POST['PHONE'];
        $customer->CUSUNAME         = $_POST['CUSUNAME'];
        $customer->CUSPASS          = sha1($_POST['CUSPASS']);
        $customer->DATEJOIN         = date('Y-m-d H-i-s');
        $customer->TERMS            = 1;
        $customer->create();

        $email = trim($_POST['CUSUNAME']);
        $h_upass = sha1(trim($_POST['CUSPASS']));

        // Create a new Customer object
        $user = new Customer();
        // Make use of the static function, passing it two parameters
        $res = $user->cusAuthentication($email, $h_upass);

        if(!isset($_POST['proid']) || (isset($_POST['proid']) && empty($_POST['proid']))){
            echo "<script> alert('You are now successfully registered. It will redirect to Homepage. Enjoy our Coffee!'); </script>";
            redirect(web_root."index.php?q=home");
        }else{
            // The check above reads $_POST['proid'], but the value is taken from $_GET here
            $proid = $_GET['proid'];
            // mysqli_insert_id() expects the mysqli connection as its argument
            $id = mysqli_insert_id();
            // Request data is placed directly into the SQL string
            $query ="INSERT INTO `tblwishlist` (`PROID`, `CUSID`, `WISHDATE`, `WISHSTATS`)  VALUES ('{$proid}','{$id}','".DATE('Y-m-d')."',0)";
            $mydb->setQuery($query);
            $mydb->executeQuery();
            echo "<script> alert('You are now successfully registered. It will redirect to your profile. Enjoy our Coffee!'); </script>";
            redirect(web_root."index.php?q=profile");
        }

    }
}

Where do I have to add another condition?

  • 3
    Code must be provided as text, not pictures - see [ask] please. See also the [tour] – ADyson Aug 24 '21 at 08:18
  • Also if you got an error, please show us the code you tried, and tell us exactly what the error message says - we cannot always guess – ADyson Aug 24 '21 at 08:18
  • And it looks like your code is vulnerable to SQL injection attacks. Please urgently fix that, it's a serious vulnerability. See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ADyson Aug 24 '21 at 08:20
  • I'm sorry, I just finished editing the code – Hendriawan Yudhistira Aug 24 '21 at 08:27
  • Thanks, but - again - if you're getting an error you need to a) show the version of the code which caused the error and b) tell us exactly what the error message says. We can't help you if you don't tell us the exact problem. – ADyson Aug 24 '21 at 09:13

1 Answer

-1

First of all, your data should be checked during the registration process. The data entered in the new record must be compared with the existing data. For example, the e-mail address, phone number or user name should be checked against the database. If there is a person with this information, he/she should issue an error message with the for loop and should not do the operation. You can make an application like this.

Kelleci
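One way to implement the duplicate check this answer describes, using prepared statements so that the request data never becomes part of the SQL text. This is an added example, not code from the question or the answer. It assumes an open mysqli connection `$conn`, a customer table named `tblcustomer` (hypothetical) with UNIQUE indexes on `CUSUNAME` and `PHONE`, and the hypothetical helper names `findDuplicates` and `registerCustomer`.

```php
<?php
// Added example. Assumptions: table `tblcustomer` (hypothetical name) has
// UNIQUE indexes on CUSUNAME and PHONE; $conn is an open mysqli connection.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
const ER_DUP_ENTRY = 1062; // MySQL error number for a duplicate key

// Returns the fields that are already taken, e.g. ['CUSUNAME'].
function findDuplicates(mysqli $conn, string $username, string $phone): array
{
    $stmt = $conn->prepare(
        'SELECT CUSUNAME, PHONE FROM tblcustomer WHERE CUSUNAME = ? OR PHONE = ?'
    );
    $stmt->bind_param('ss', $username, $phone);
    $stmt->execute();
    $taken = [];
    foreach ($stmt->get_result() as $row) {
        if (strcasecmp($row['CUSUNAME'], $username) === 0) { $taken['CUSUNAME'] = true; }
        if ((string) $row['PHONE'] === $phone) { $taken['PHONE'] = true; }
    }
    return array_keys($taken);
}

// Returns the new customer id; throws DomainException if already registered.
function registerCustomer(mysqli $conn, array $in): int
{
    $username = trim($in['CUSUNAME']);
    $phone    = trim($in['PHONE']);
    $taken    = findDuplicates($conn, $username, $phone);
    if ($taken) {
        throw new DomainException('Already registered: ' . implode(', ', $taken));
    }
    // password_hash() replaces the question's sha1(); CUSPASS needs VARCHAR(255).
    $hash = password_hash($in['CUSPASS'], PASSWORD_DEFAULT);
    $stmt = $conn->prepare(
        'INSERT INTO tblcustomer (FNAME, LNAME, PHONE, CUSUNAME, CUSPASS)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $in['FNAME'], $in['LNAME'], $phone, $username, $hash);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        // Two requests can both pass the SELECT; the UNIQUE index decides.
        if ($e->getCode() === ER_DUP_ENTRY) {
            throw new DomainException('Already registered', 0, $e);
        }
        throw $e;
    }
    return (int) $conn->insert_id;
}
```

The SELECT gives a field-specific message for the common case, while the UNIQUE indexes and the duplicate-key handler cover concurrent registrations that the SELECT alone cannot.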