1 | <?php | |
2 | ini_set('display_errors',1); // enable php error display for easy trouble shooting | |
3 | error_reporting(E_ALL); // set error display to all | |
4 | session_start(); | |
5 | ||
6 | require_once "../../config/db.php"; | |
7 | ||
8 | if(isset($_POST)) { | |
9 | ||
10 | // you should validate all inputs and make sure you are getting what you are expecting | |
11 | // first you need to check empty | |
12 | // second you should use strip_tags for all inputs to avoid xss injection | |
13 | // Example: bad user may insert javascript to first name or last name and when you fetch the name, javascript will be loaded | |
14 | // Use FILTER_VALIDATE_EMAIL to validate email address http://php.net/manual/en/filter.filters.validate.php | |
15 | // check if email exists. If exists echo 'Error' with exit | |
16 | // use password_hash instead of MD5 for password http://php.net/manual/en/function.password-hash.php | |
17 | // use prepared statement to prevent sql injection https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 | |
18 | ||
19 | // to temporary fix your problem | |
20 | ||
21 | $check_empty = true; | |
22 | ||
23 | foreach ($_POST as $post) { | |
24 | if (empty($post)) { | |
25 | // value is empty | |
26 | $check_empty = false; | |
27 | echo "error"; | |
28 | exit; | |
29 | } | |
30 | } | |
31 | ||
32 | $first_name = mysqli_real_escape_string($conn, $_POST['first_name']); | |
33 | $last_name = mysqli_real_escape_string($conn, $_POST['last_name']); | |
34 | $email = mysqli_real_escape_string($conn, $_POST['email']); | |
35 | $password = mysqli_real_escape_string($conn, $_POST['password']); | |
36 | $user_birthday = mysqli_real_escape_string($conn, $_POST['user_birthday']); | |
37 | $user_sex = mysqli_real_escape_string($conn, $_POST['user_sex']); | |
38 | ||
39 | $password = base64_encode(strrev(md5($password))); | |
40 | $dob = date('Y-m-d',strtotime($user_birthday)); | |
41 | if ($check_empty) { | |
42 | $sql = "SELECT email FROM users WHERE email = '$email' LIMIT 1"; | |
43 | if ($result = $conn->query($sql)) { | |
44 | - | if ($result->num_rows() > 0) { |
44 | + | if ($result->num_rows > 0) { |
45 | echo "error"; | |
46 | exit; | |
47 | } | |
48 | } else { | |
49 | $sql = "INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) VALUES ('$first_name', '$last_name', '$email', '$password', '$dob', '$user_sex')"; | |
50 | ||
51 | if($conn->query($sql)===TRUE) { | |
52 | $_SESSION['registeredSuccessfully'] = true; | |
53 | echo "ok"; | |
54 | exit; | |
55 | } else { | |
56 | echo "error"; | |
57 | exit; | |
58 | } | |
59 | } | |
60 | } | |
61 | ||
62 | } | |
63 | ||
64 | ?> |
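Review bot: The `else` at line 48 is paired with `if ($result = $conn->query($sql))` rather than with the `num_rows` check, so the INSERT only runs when the duplicate-email SELECT itself fails; a successful SELECT that finds no rows falls through without creating the account or sending any response. The password is also altered by `mysqli_real_escape_string` before hashing and then stored as an unsalted MD5 (reversed and base64-encoded), which the file's own comments already advise replacing with `password_hash`. Both queries are string-built, and binding the values keeps quoting out of the SQL entirely. The lookup-then-insert sequence can still race between two requests, so a UNIQUE index on `users.email` is worth confirming, and the password column needs room for a `password_hash` value (the PHP manual recommends 255 characters).

```php
// … unchanged: session start, db include, empty-field check …

$dob = date('Y-m-d', strtotime($_POST['user_birthday']));
// Hash the raw submitted password; escaping it first changes what gets hashed.
$password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);

// Duplicate check with a bound parameter instead of an interpolated string.
$check = $conn->prepare('SELECT 1 FROM users WHERE email = ? LIMIT 1');
$check->bind_param('s', $_POST['email']);
$check->execute();
$check->store_result();
if ($check->num_rows > 0) {
    echo "error";
    exit;
}

// The insert now runs whenever the lookup succeeded and found no row.
$insert = $conn->prepare(
    'INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) VALUES (?, ?, ?, ?, ?, ?)'
);
$insert->bind_param(
    'ssssss',
    $_POST['first_name'],
    $_POST['last_name'],
    $_POST['email'],
    $password_hash,
    $dob,
    $_POST['user_sex']
);
if ($insert->execute()) {
    // … unchanged: set $_SESSION['registeredSuccessfully'], echo "ok", exit …
} else {
    // … unchanged: echo "error", exit …
}
```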