michaelyuen

Untitled

Apr 21st, 2018
  1. <?php
  2. ini_set('display_errors',1); // enable php error display for easy trouble shooting
  3. error_reporting(E_ALL); // set error display to all
  4. session_start();
  5.  
  6. require_once "../../config/db.php";
  7.  
  8. if(isset($_POST)) {
  9.  
  10.     // you should validate all inputs and make sure you are getting what you are expecting
  11.     // first you need to check empty
  12.     // second you should use strip_tags for all inputs to avoid xss injection
  13.     // Example: bad user may insert javascript to first name or last name and when you fetch the name, javascript will be loaded
  14.     // Use FILTER_VALIDATE_EMAIL to validate email address http://php.net/manual/en/filter.filters.validate.php
  15.     // check if email exists. If exists echo 'Error' with exit
  16.     // use password_hash instead of MD5 for password http://php.net/manual/en/function.password-hash.php
  17.     // use prepared statement to prevent sql injection https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1
  18.    
  19.     // to temporary fix your problem
  20.    
  21.     $check_empty = true;
  22.    
  23.     foreach ($_POST as $post) {
  24.         if (empty($post)) {
  25.             // value is empty
  26.             $check_empty = false;
  27.             echo "error";
  28.             exit;
  29.         }
  30.     }
  31.  
  32.     $first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
  33.     $last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
  34.     $email = mysqli_real_escape_string($conn, $_POST['email']);
  35.     $password = mysqli_real_escape_string($conn, $_POST['password']);
  36.     $user_birthday = mysqli_real_escape_string($conn, $_POST['user_birthday']);
  37.     $user_sex = mysqli_real_escape_string($conn, $_POST['user_sex']);
  38.  
  39.     $password = base64_encode(strrev(md5($password)));
  40.     $dob = date('Y-m-d',strtotime($user_birthday));
  41.     if ($check_empty) {
  42.         $sql = "SELECT email FROM users WHERE email = '$email' LIMIT 1";
  43.         if ($result = $conn->query($sql)) {
  44.             if ($result->num_rows > 0) {
  45.                 echo "error";
  46.                 exit;
  47.             }
  48.         } else {
  49.             $sql = "INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) VALUES ('$first_name', '$last_name', '$email', '$password', '$dob', '$user_sex')";
  50.  
  51.             if($conn->query($sql)===TRUE) {
  52.                 $_SESSION['registeredSuccessfully'] = true;
  53.                 echo "ok";
  54.                 exit;
  55.             } else {
  56.                 echo "error";
  57.                 exit;
  58.             }  
  59.         }
  60.     }
  61.  
  62. }
  63.  
  64. ?>