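<?php
/**
 * Registration endpoint: validates the submitted form, rejects an e-mail
 * address that is already registered and inserts the new user.
 *
 * Responds with the plain-text body "ok" on success and "error" on any
 * failure. On success it also sets $_SESSION['registeredSuccessfully'].
 */

// Report everything, but to the error log rather than the response: displayed
// errors leak file paths and SQL details to the client and corrupt the
// "ok"/"error" body.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

session_start();
require_once "../../config/db.php"; // expected to provide the mysqli connection $conn

// Single failure path: every rejection sends the same body, as before.
$fail = function () {
    echo "error";
    exit;
};

// isset($_POST) is always true, so test the request method instead.
if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    $fail();
}

// Every expected field must be present, be a string (not an array such as
// first_name[]=x) and be non-empty. Checking named fields also covers a
// request that carries no fields at all.
$required = ['first_name', 'last_name', 'email', 'password', 'user_birthday', 'user_sex'];
$input = [];
foreach ($required as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $fail();
    }
    // The password is taken verbatim: trimming or escaping it would change
    // the secret that gets hashed.
    $value = ($field === 'password') ? $_POST[$field] : trim($_POST[$field]);
    if ($value === '') {
        $fail();
    }
    $input[$field] = $value;
}

if (filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
    $fail();
}

// strtotime() returns false for an unparseable date; date() would then
// silently store 1970-01-01.
$timestamp = strtotime($input['user_birthday']);
if ($timestamp === false) {
    $fail();
}
$dob = date('Y-m-d', $timestamp);

// password_hash() replaces the unsalted MD5 digest. NOTE(review): the login
// code must check with password_verify(), and the password column must be
// wide enough for the hash (the PHP manual suggests 255 characters).
$passwordHash = password_hash($input['password'], PASSWORD_DEFAULT);
if (!is_string($passwordHash)) {
    $fail();
}

// Names are stored as submitted. Stored XSS is prevented by HTML-encoding
// them (htmlspecialchars) wherever they are rendered, not by strip_tags here.

try {
    // Bound parameters keep user input out of the SQL text entirely.
    $lookup = $conn->prepare('SELECT email FROM users WHERE email = ? LIMIT 1');
    if ($lookup === false) {
        $fail();
    }
    $lookup->bind_param('s', $input['email']);
    if (!$lookup->execute()) {
        $fail();
    }
    $lookup->store_result();
    $alreadyRegistered = $lookup->num_rows > 0;
    $lookup->close();

    if ($alreadyRegistered) {
        $fail();
    }

    // The insert runs when the lookup succeeded and found nothing. The
    // original only reached it when the lookup query itself had failed.
    // NOTE(review): check-then-insert can race; a UNIQUE index on users.email
    // is the reliable guard - confirm the schema has one.
    $insert = $conn->prepare(
        'INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) '
        . 'VALUES (?, ?, ?, ?, ?, ?)'
    );
    if ($insert === false) {
        $fail();
    }
    $insert->bind_param(
        'ssssss',
        $input['first_name'],
        $input['last_name'],
        $input['email'],
        $passwordHash,
        $dob,
        $input['user_sex']
    );
    $created = $insert->execute();
    $insert->close();
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when exception reporting is on.
    error_log('registration failed: ' . $e->getMessage());
    $fail();
}

if (!$created) {
    $fail();
}

$_SESSION['registeredSuccessfully'] = true;
echo "ok";
exit;
?>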