Untitled

register.php-

<table width="294" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#FFFFFF" bordercolor="#FFFFFF">
<tr>
<form name="form1" method="post" action="index.php?id=register_send">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC" bordercolor="#66FF33">
<tr>
<td colspan="3"><center><strong>Geckoville Registration</strong></center></td>
</tr>
<tr>
<td width="78"><div align=right>Username: </align></td>
<td width="294"><input name="myusername" type="text" id="uname"></td>
</tr>
<tr>
<td><div align=right>Password: </align></td>
<td><input name="mypassword" type="password" id="pwd"></td>
</tr>
<tr>
<td><div align=right>Confirm Password: </align></td>
<td><input name="mypassword" type="password" id="pwd2"></td>
</tr>
<tr>
<td colspan="3"><center><input type="submit" name="Register!" value="submit"></center></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

register_send.php-

<?php
require('db.php');
if(isset($_POST['submit'])) {
   if(!isset($_POST['uname'])) {
      $error="You did not enter a username.";
   }
   elseif(!isset($_POST['pwd'])) {
      $error="You did not enter a password.";
   }
   elseif(!isset($_POST['pwd2'])) {
      $error="You need to confirm your password.";
   }
   elseif($_POST['pwd'] != $_POST['pwd2']) {
      $error="Your passwords do not match.";
   }
   $sql = "SELECT * FROM members WHERE username = '.$_POST[uname].'";
   $result = mysql_query($sql,$con);
   $ucheck = mysql_num_rows($result);
   if($ucheck != 0) {
      $error="Sorry, that username is taken. Please press the back button and choose another.";
   }
   elseif (!$error) {
      $uname = mysql_real_escape_string(htmlentities($_POST['uname'], ENT_QUOTES);
      $pwd = mysql_real_escape_string($_POST['pwd']);
      $pwd2 = mysql_real_escape_string($_POST['pwd2']);
      mysql_query("INSERT INTO members (username, password) VALUES ($uname, $pwd)");
      echo "You have successfully registered.";
   }
   else
   {
      print $error;
   }
}
?>