Case 1: Empty fields -> update into database too(wrong!).
Case 2: Register email is not valid -> update into database too(wrong!).
Case 3: Username already exist -> update into database too(wrong!).
the system shouldn't update the database if the cases above happen but it does update nor matter how.
can anyone please check for me ? Thank you so much and i appreciate that a lots ^^
Part of register.php
PHP Code:
<?php
if (isset ($_POST['register_username'], $_POST['register_email'])){
$password1=0;
$password2=0;
$password3=0;
$password4=0;
$password5=0;
$register_username = $_POST["register_username"];
$register_email = $_POST["register_email"];
$password1 = $_POST["pass1"];
$password2 = $_POST["pass2"];
$password3 = $_POST["pass3"];
$password4 = $_POST["pass4"];
$password5 = $_POST["pass5"];
$errors = array();
if (empty($register_username) || empty($register_email) || empty($password1) || empty($password2) || empty($password3) || empty($password4) || empty($password5)){
$error[] = '';
?>
<script type = "text/javascript">
alert("Please fill in all fields.");
</script>
<?php
}else{
if (filter_var($register_email, FILTER_VALIDATE_EMAIL) === false) {
$error[] = '';
?>
<script type = "text/javascript">
alert("Email address not valid.");
</script>
<?php
}
if (strlen($register_username) > 30 || strlen($register_email >255)){
$error[] = '';
?>
<script type = "text/javascript">
alert("One or more fields contain too many characters.");
</script>
<?php
}
if (user_exists($register_username) === true){
$error[] = '';
}
}
if (!empty($errors)) {
foreach ($errors as $error) {
?>
<script type = "text/javascript">
alert("Registration error. Please try again.");
</script>
<?php
}
} else {
$register = user_register($register_username, $password1, $password2, $password3, $password4, $password5, $register_email);
$_SESSION['customer_email'] = $register;
?>
<script type = "text/javascript">
alert("Your have successfully registered!");
location = "welcome.php";
</script>
<?php
exit();
}
}
?>
Part of user.func.php
PHP Code:
function user_register($customer_username, $customer_pass1, $customer_pass2, $customer_pass3, $customer_pass4, $customer_pass5, $customer_email){
$customer_username = mysql_real_escape_string($customer_username);
$customer_pass1 = mysql_real_escape_string($customer_pass1);
$customer_pass2 = mysql_real_escape_string($customer_pass2);
$customer_pass3 = mysql_real_escape_string($customer_pass3);
$customer_pass4 = mysql_real_escape_string($customer_pass4);
$customer_pass5 = mysql_real_escape_string($customer_pass5);
$customer_email = mysql_real_escape_string($customer_email);
mysql_query("INSERT INTO `customerdetail` VALUES ('$customer_username', '$customer_pass1', '$customer_pass2', '$customer_pass3', '$customer_pass4', '$customer_pass5', '$customer_email')");
}
function user_exists($customer_username){
$customer_username = mysql_real_escape_string($customer_username);
$query = mysql_query ("SELECT COUNT(customer_email) FROM `customerdetail` WHERE `customer_username` = '$customer_username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
Before you post, read our: 
