API tools faq
paste
Advertisement
michaelyuen

Untitled

michaelyuen
Apr 21st, 2018
137
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.08 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. session_start();
  4.  
  5. require_once "../../config/db.php";
  6.  
  7. if(isset($_POST)) {
  8.  
  9.     // you should validate all inputs and make sure you are getting what you are expecting
  10.     // first you need to check empty
  11.     // second you should use strip_tags for all inputs to avoid xss injection
  12.     // Example: bad user may insert javascript to first name or last name and when you fetch the name, javascript will be loaded
  13.     // Use FILTER_VALIDATE_EMAIL to validate email address http://php.net/manual/en/filter.filters.validate.php
  14.     // check if email exists. If exists echo 'Error' with exit
  15.     // use password_hash instead of MD5 for password http://php.net/manual/en/function.password-hash.php
  16.     // use prepared statement to prevent sql injection https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1
  17.    
  18.     // to temporary fix your problem
  19.    
  20.     $check_empty = true;
  21.    
  22.     foreach ($_POST as $post) {
  23.         if (empty($post)) {
  24.             // value is empty
  25.             $check_empty = false;
  26.             echo "error";
  27.             exit;
  28.         }
  29.     }
  30.  
  31.     $first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
  32.     $last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
  33.     $email = mysqli_real_escape_string($conn, $_POST['email']);
  34.     $password = mysqli_real_escape_string($conn, $_POST['password']);
  35.     $user_birthday = mysqli_real_escape_string($conn, $_POST['user_birthday']);
  36.     $user_sex = mysqli_real_escape_string($conn, $_POST['user_sex']);
  37.  
  38.     $password = base64_encode(strrev(md5($password)));
  39.     $dob = date('Y-m-d',strtotime($user_birthday));
  40.     if ($check_empty) {
  41.         $sql = "SELECT email FROM users WHERE email = '$email' LIMIT 1";
  42.         if ($result = $conn->query($sql)) {
  43.             if ($result->num_rows() > 0) {
  44.                 echo "error";
  45.                 exit;
  46.             }
  47.         } else {
  48.             $sql = "INSERT INTO users(first_name, last_name, email, password, user_birthday, user_sex) VALUES ('$first_name', '$last_name', '$email', '$password', '$dob', '$user_sex')";
  49.  
  50.             if($conn->query($sql)===TRUE) {
  51.                 $_SESSION['registeredSuccessfully'] = true;
  52.                 echo "ok";
  53.                 exit;
  54.             } else {
  55.                 echo "error";
  56.                 exit;
  57.             }  
  58.         }
  59.     }
  60.  
  61. }
  62.  
  63. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!