SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | ini_set('display_errors',1); // enable php error display for easy trouble shooting
| |
| 3 | error_reporting(E_ALL); // set error display to all | |
| 4 | session_start(); | |
| 5 | ||
| 6 | require_once "../../config/db.php"; | |
| 7 | ||
| 8 | if(isset($_POST)) {
| |
| 9 | ||
| 10 | // you should validate all inputs and make sure you are getting what you are expecting | |
| 11 | // first you need to check empty | |
| 12 | // second you should use strip_tags for all inputs to avoid xss injection | |
| 13 | // Example: bad user may insert javascript to first name or last name and when you fetch the name, javascript will be loaded | |
| 14 | // Use FILTER_VALIDATE_EMAIL to validate email address http://php.net/manual/en/filter.filters.validate.php | |
| 15 | // check if email exists. If exists echo 'Error' with exit | |
| 16 | // use password_hash instead of MD5 for password http://php.net/manual/en/function.password-hash.php | |
| 17 | // use prepared statement to prevent sql injection https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 | |
| 18 | ||
| 19 | // to temporary fix your problem | |
| 20 | ||
| 21 | $check_empty = true; | |
| 22 | ||
| 23 | foreach ($_POST as $post) {
| |
| 24 | if (empty($post)) {
| |
| 25 | // value is empty | |
| 26 | $check_empty = false; | |
| 27 | echo "error"; | |
| 28 | exit; | |
| 29 | } | |
| 30 | } | |
| 31 | ||
| 32 | $first_name = mysqli_real_escape_string($conn, $_POST['first_name']); | |
| 33 | $last_name = mysqli_real_escape_string($conn, $_POST['last_name']); | |
| 34 | $email = mysqli_real_escape_string($conn, $_POST['email']); | |
| 35 | $password = mysqli_real_escape_string($conn, $_POST['password']); | |
| 36 | $user_birthday = mysqli_real_escape_string($conn, $_POST['user_birthday']); | |
| 37 | $user_sex = mysqli_real_escape_string($conn, $_POST['user_sex']); | |
| 38 | ||
| 39 | $password = base64_encode(strrev(md5($password))); | |
| 40 | $dob = date('Y-m-d',strtotime($user_birthday));
| |
| 41 | if ($check_empty) {
| |
| 42 | $sql = "SELECT email FROM users WHERE email = '$email' LIMIT 1"; | |
| 43 | if ($result = $conn->query($sql)) {
| |
| 44 | - | if ($result->num_rows() > 0) {
|
| 44 | + | if ($result->num_rows > 0) {
|
| 45 | echo "error"; | |
| 46 | exit; | |
| 47 | } | |
| 48 | } else {
| |
| 49 | $sql = "INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) VALUES ('$first_name', '$last_name', '$email', '$password', '$dob', '$user_sex')";
| |
| 50 | ||
| 51 | if($conn->query($sql)===TRUE) {
| |
| 52 | $_SESSION['registeredSuccessfully'] = true; | |
| 53 | echo "ok"; | |
| 54 | exit; | |
| 55 | } else {
| |
| 56 | echo "error"; | |
| 57 | exit; | |
| 58 | } | |
| 59 | } | |
| 60 | } | |
| 61 | ||
| 62 | } | |
| 63 | ||
| 64 | ?> |
