<!DOCTYPE html><html><head> <title>Register</title></head><body>

1.  
2. <!DOCTYPE html>
3. <html>
4. <head>
5.     <title>Register</title>
6. </head>
7. <body>
8.     <form action="" method="post" name="form1">
9.     <table>
10.         <tr>
11.             <td>Enter your first name*</td>
12.             <td><input type="text" name="fname" required="yes" pattern="^[a-z1-9]+"></td>
13.             <td><p>Username takes only small letters or numbers, no capital letters</p></td>
14.         </tr>
15.         <tr>
16.             <td>Enter your last name*</td>
17.             <td><input type="text" name="lname" required="yes"></td>
18.         </tr>
19.         <tr>
20.             <td>Enter your password*</td>
21.             <td><input type="password" name="pw" required="yes"></td>
22.         </tr>
23.         <tr>
24.             <td>Enter your email adress*</td>
25.             <td><input type="email" name="email" required="yes"></td>
26.         </tr>
27.         <tr>
28.             <td>Enter your username*</td>
29.             <td><input type="text" name="uname" required="yes"></td>
30.         </tr>
31.         <tr>
32.             <td><input type="submit" value="submit" name="submit1"></input></td>
33.         </tr>
34.     </table>
35.     </form>
36.  
37. </body>
38. </html>
39. <?php
40.  
41. if(isset($_POST['submit1']))
42. {
43.     /**
44.      * Your application salt.
45.      */
46.     $myApplicationSalt = '$6$1234567890123456';
47.     /**
48.      * Connect to your database.
49.      */
50.     try
51.     {
52.     $db_server = 'localhost';
53.     $db_name = 'root';
54.     $db_password = "";
55.     $db = "loginregister";
56.     $conn = mysqli_connect($db_server,$db_name,$db_password,$db);
57.      
58.     }
59.     /**
60.      * Here is where you prepare your query.
61.      * This is what you did in your piece of code, but never executed.
62.      */
63.  
64.     /**
65.      * Your passwords should not be stored in plain-text. Ever.
66.      * And as John Conde pointed out, password_hash is the better way to do this.
67.      */
68.     $password = $_POST['pw'];
69.     $firstname = $_POST['fname'];
70.     $lastname = $_POST['lname'];
71.     $username = $_POST['uname'];
72.     $email = $_POST['email'];
73.  
74.     $firstname = mysqli_real_escape_string($conn , $firstname);
75.     $lastname = mysqli_real_escape_string($conn , $lastname);
76.     $username = mysqli_real_escape_string($conn , $username);
77.     $email = mysqli_real_escape_string($conn , $email);
78.     $password = mp5($password);
79.  
80.     $sql = "SELECT email FROM registration WHERE email='".$email."'";
81.     $result = mysqli_query($conn , $sql);
82.     $row = mysqli_fetch_array($result , MYSQLI_ASSOC);
83.     if (mysqli_num_rows($result) == 1) {
84.         echo "Sorry... This email is already in use!";
85.     } else {
86.     $sqlu = "SELECT uname FROM registration WHERE uname='".$username."'";
87.     $result1 = mysqli_query($conn , $sqlu);
88.     $row1 = mysqli_fetch_array($result1 , MYSQLI_ASSOC);
89.     if (mysqli_num_rows($result1) == 1) {
90.         echo "This username is in use! please pick a different one!";
91.     } else {
92.         $query = mysqli_query($conn , "INSERT INTO registration(fname , lname , uname , email , pw)VALUES ('$firstname' , '$lastname' , '$username' , '$email' , '$password')");
93.         }
94.     }
95.  
96.      
97.  ?>