Search code examples
phpregistration

PHP Registration Script - Insert Data

This may be the most simplest errors ever but I've written a registration script.. which I would say looks okay.. only issue is that it won't insert data... it still prints a message saying registration successful but no data actually goes into the database... see code below:

<?php

include("dbconfig.php");

if(isset($_POST['register'])){

if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){

    header("location:index-login-page.php?msg0=Please complete the required fields.");


}

else {

    $fname = $_POST['first-name'];
    $lname = $_POST['last-name'];
    $email = $_POST['email-address'];
    $username = $_POST['reg-username'];
    $pass = $_POST['reg-pass'];

    $checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
    $checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
    $resultusername = mysql_num_rows($checkusername);
    $resultemail  = mysql_num_rows($checkemail);

    if( (($resultusername) ==1) or ($resultemail)==1){
        header("location:index-login-page.php?msg1= Username or email address already exists.");

    }

    elseif( (($resultusername) == 0) && ($resultemail) ==0) {

        $insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
            header("location:index-login-page.php?msg1= Registration successful, please login.");

    }

}

}

?>

Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.

Sohail.

Solution 
  • $insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");

    Should be:

    $insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");

    I have to warn you though: this is considered bad practice, you need to sanitize your database input