  1. #1
    New to the CF scene
    Join Date
    Dec 2014
    Lahore, Pakistan
    Thanked 0 Times in 0 Posts

    PHP Registration Script

    This script can help you create a registration system in PHP.
    <?php
    // Connect to the database (placeholder credentials).
    $con = mysqli_connect("host", "username", "password", "db_name") or die("Failed to connect to database.");
    // Read the submitted form fields.
    $fname = $_POST["fname"];
    $lname = $_POST["lname"];
    $email = $_POST["email"];
    $password = $_POST["password"];
    // Build the INSERT by placing the submitted values directly into the SQL string, then run it.
    $sql = "INSERT INTO users(FirstName, LastName, Email, Password) VALUES('$fname', '$lname', '$email', '$password');";
    $result = mysqli_query($con, $sql);
    // Report the outcome.
    if($result) {
       echo "<p>Your account has been created successfully.</p>";
    } else {
       echo "<p>Cannot create your account.</p>";
    }

  • #2
    Regular Coder
    Join Date
    Dec 2012
    Thanked 1 Time in 1 Post
    Very useful and simpler than mine.

  • #3
    New to the CF scene
    Join Date
    Jul 2015
    Thanked 0 Times in 0 Posts
    Would this method be considered "out of date" and insecure?

  • #4
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Denver, Colorado USA
    Thanked 358 Times in 350 Posts
    The posted code is basically an example of an INSERT query, a common task that's posted hundreds of thousands of times in database documentation and all over the web. It's not secure or even close to how a real user registration system would be written.

    A good user registration system would have the following features -

    1) Check if a form was actually submitted before running any of the form processing code.

    2) Trim (except for the password field) and validate all the user-supplied input to ensure it is not empty and is of an expected format. Produce and display any validation errors when redisplaying the registration form. Also, repopulate the already entered values (except for the password field) when redisplaying the registration form.

    3) Protect against SQL injection and special SQL characters in the values being put into the SQL statement, by either escaping them or using prepared queries.

    4) Use a good method of password hashing to protect your users' passwords stored in the database table. See PHP's password_hash() and password_verify() functions.

    5) Enforce uniqueness in the email (and username if present) value by defining that column to be a unique index.

    6) Check for query errors before trying to use the result from the query. A duplicate email value should produce a duplicate key error (a 1062 error number) that should be tested for and reported back to the user - 'The email address already exists and cannot be used'. All other query errors should be logged (along with any connection errors) and a generic user error message should be output. Only if the query runs without any errors and the row was inserted into the database table (see mysqli_affected_rows() ) should a success message be output to the user.

    7) After successfully processing a post method form (no errors), you should execute a header() redirect to the same page to cause a get request for the page. This stops the browser from trying to resubmit the form data should you refresh or browse back to the same page. Any success message that's produced would be passed as a session variable to be displayed once when the page is redisplayed.

    A really good registration system should use email verification, where you send an email to the entered email address with a link in it that must be clicked to activate the just created account.
    Last edited by CFMaBiSmAd; 07-19-2015 at 01:04 PM.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
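
Points 1 to 7 from post #4 combined into one handler, as an added example that is not part of the thread or any poster's code. It assumes the `users` table from post #1 with a UNIQUE index on `Email`, the same placeholder connection settings, PHP 7.4 or later, and an 8-character minimum password length chosen only for illustration; email verification is not covered.

```php
<?php
// Added example. Assumes a `users` table with a UNIQUE index on Email (point 5).
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors throw
$errors = [];
$data = ['fname' => '', 'lname' => '', 'email' => ''];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {              // 1) a form was submitted
    // 2) trim everything except the password, then validate
    foreach (array_keys($data) as $k) $data[$k] = trim((string)($_POST[$k] ?? ''));
    $password = (string)($_POST['password'] ?? '');
    if ($data['fname'] === '' || $data['lname'] === '') $errors[] = 'First and last name are required.';
    if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) $errors[] = 'Enter a valid email address.';
    if (strlen($password) < 8) $errors[] = 'Password must be at least 8 characters.'; // assumed policy
    if (!$errors) {
        try {
            $con = mysqli_connect('host', 'username', 'password', 'db_name');
            $stmt = mysqli_prepare($con,                  // 3) prepared query, no interpolation
                'INSERT INTO users (FirstName, LastName, Email, Password) VALUES (?, ?, ?, ?)');
            $hash = password_hash($password, PASSWORD_DEFAULT); // 4) store only the hash
            mysqli_stmt_bind_param($stmt, 'ssss', $data['fname'], $data['lname'], $data['email'], $hash);
            mysqli_stmt_execute($stmt);
            if (mysqli_stmt_affected_rows($stmt) === 1) { // 6) the row was really inserted
                $_SESSION['flash'] = 'Your account has been created successfully.';
                header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303); // 7) redirect to a GET
                exit;
            }
            $errors[] = 'Cannot create your account.';
        } catch (mysqli_sql_exception $e) {
            if ($e->getCode() === 1062) {                 // 6) duplicate key on the unique index
                $errors[] = 'The email address already exists and cannot be used.';
            } else {
                error_log('Registration failed: ' . $e->getMessage()); // details go to the log only
                $errors[] = 'Cannot create your account.';
            }
        }
    }
}
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);                                // success message is shown once
$h = fn($s) => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); // escape anything echoed into HTML
foreach (array_filter(array_merge([$flash], $errors)) as $msg) echo '<p>' . $h($msg) . "</p>\n";
?>
<form method="post">
  <input name="fname" value="<?= $h($data['fname']) ?>" placeholder="First name">
  <input name="lname" value="<?= $h($data['lname']) ?>" placeholder="Last name">
  <input name="email" value="<?= $h($data['email']) ?>" placeholder="Email">
  <input name="password" type="password" placeholder="Password">
  <button type="submit">Register</button>
</form>
```

At login, the stored hash is checked with `password_verify($password, $row['Password'])`; the plain-text password is never compared or stored.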

