<?php session_start();require_once "../../config/db.php";if(isset($_

1. <?php
2.  
3. session_start();
4.  
5. require_once "../../config/db.php";
6.  
7. if(isset($_POST)) {
8.  
9.     // you should validate all inputs and make sure you are getting what you are expecting
10.     // first you need to check empty
11.     // second you should use strip_tags for all inputs to avoid xss injection
12.     // Example: bad user may insert javascript to first name or last name and when you fetch the name, javascript will be loaded
13.     // Use FILTER_VALIDATE_EMAIL to validate email address http://php.net/manual/en/filter.filters.validate.php
14.     // check if email exists. If exists echo 'Error' with exit
15.     // use password_hash instead of MD5 for password http://php.net/manual/en/function.password-hash.php
16.     // use prepared statement to prevent sql injection https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1
17.    
18.     // to temporary fix your problem
19.    
20.     foreach ($_POST as $post) {
21.         if (empty($post)) {
22.             // value is empty
23.             echo "error";
24.             exit;
25.         }
26.     }
27.  
28.     $first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
29.     $last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
30.     $email = mysqli_real_escape_string($conn, $_POST['email']);
31.     $password = mysqli_real_escape_string($conn, $_POST['password']);
32.     $user_birthday = mysqli_real_escape_string($conn, $_POST['user_birthday']);
33.     $user_sex = mysqli_real_escape_string($conn, $_POST['user_sex']);
34.  
35.     $password = base64_encode(strrev(md5($password)));
36.     $dob = date('Y-m-d',strtotime($user_birthday));
37.    
38.     $sql = "SELECT email FROM users WHERE email = '$email' LIMIT 1";
39.     if ($result = $conn->query($sql)) {
40.         if ($result->num_rows() > 0) {
41.             echo "error";
42.             exit;
43.         }
44.     } else {
45.         $sql = "INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) VALUES ('$first_name', '$last_name', '$email', '$password', '$dob', '$user_sex')";
46.  
47.         if($conn->query($sql)===TRUE) {
48.             $_SESSION['registeredSuccessfully'] = true;
49.             echo "ok";
50.             exit;
51.         } else {
52.             echo "error";
53.             exit;
54.         }  
55.     }
56.  
57.  
58. }
59.  
60. ?>