View Full Version : Problem with registration script.

03-04-2012, 04:41 PM
I have a script written to register new members that is really basic but working.

But at the moment I have it going to another page to process the code.

This isnt ideal for error handling.

I have tried numerous things to make the form send the data to the same page
but cant get it to work.

this is my signup.php file as it is now:

$user = "$_POST[username]";
$pass = "$_POST[password]";
$mail = "$_POST[email]";
$date = date('jS M Y');

$ulength = strlen($user);
$user = htmlspecialchars($user);

$stripped = strlen($user);
$con = mysql_connect("localhost","root","");
if (!$con)
die('Could not connect: ' . mysql_error());

if ($ulength <=3 OR $ulength >=30)
echo "the username must be between 3 and 30 characters long.";

else {

mysql_select_db("users", $con);

$sql="SELECT * FROM members WHERE username = '$user'";
$result = mysql_query($sql,$con);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0)
echo "username taken";
else {

$sql="INSERT INTO members (username, password, email, registerdate)
('$user','$pass', '$mail', '$date')";

if (!mysql_query($sql,$con))
die('Error: ' . mysql_error());
echo "1 record added";


<table width="400px"><tr><td>
<form action="signup.php" method="post">
Username: <input type="text" name="username" /><br>
Password: <input type="text" name="password" /><br>
Email: <input type="text" name="email" /><br>
<input type="submit" />

I tried using:


as the form action but it always tried to execute the script regardless of if the form was submitted or not and as such keeps returning username is too short or too long messages.

03-04-2012, 05:37 PM
First thing: If you have a variable like $POST['something'] being stored into another variable directly... you don't need to nor should you wrap it in quotes. By putting it in quotes, you're saying its a string, whether it is or not. Drop those quotes.

Next, personally, you have it kind of backwards... forwarding a form to another page is the ideal way to handle it, precisely for the reasons you're having trouble with. By processing on another page, first, you don't bloat your registration page. Next, all the error checking can be done independently of the page content, then passed along. You can pass back errors via GET or SESSION variables with no issue. Plus, if someone is on their registration page, submits it back to itself, then tries to refresh, they get that message that data needs to be resent... its nasty IMO.

But if you are set on having it on the same page, ERROR CHECK and SANITIZE! Your code is horribly ripe for hacking!

1) On your page, you're immediately defining and submitting a set of POST variables. Since the POST values aren't set, PHP thinks its smart (though it sends a warning) and sets the variables to NULL, and continues on. Why shouldn't it? You haven't told it to check if a form was submitted or not. Check if your submit button was pushed. Give it a name, use if (ISSET($_POST['submit'])) or give it a value and verify with that. Your form is working exactly as its supposed to... you just haven't told it what you actually want it to do. Of course it will tell you the username is too short... NULL is too short.

2) SANITIZE! Nothing should be entering your database unless you know EXACTLY what it is. You need to make sure that the name is actually a name (letters, spaces, and apostrophes). The email should be a valid email format (and no apostrophes). You need to escape any SQL characters.

3) Using tables for layout, SPECIALLY just to make one box, is a BIG no no. Tables are meant to display tabulated data, not for general layout, specially not for a single box. Your code in general needs validation and restructuring; most of it isn't actually going to affect your problem, except for stuff like all inputs must have a name, including your submit.

03-04-2012, 06:12 PM
Thanks for the reply.

I just find tables really easy to work with and manipulate which is why I use them for layout purposes.

And I am struggling with php due to every single tutorial ive read coding in a completely differant way.

for example




do things in completely differant ways.

the first link is the thing that made me think it was the best way to handle errors.

are either of them tutorials reliable?

03-04-2012, 07:47 PM
I personally find W3schools helpful, especially for the basics. But whatever you choose, I'd recommend only having one reference. And when you have all the code on the same page, I usually just leave action blank. (i.e action="")