<?php session_start(); $_SESSION['message'] = ''; $msqli = new mysqli

1. <?php
2.   session_start();
3.   $_SESSION['message'] = '';
4.  
5.   $msqli = new mysqli('localhost', 'root', '', 'accounts');
6.  
7.   if ($_SERVER['REQUEST_METHOD'] == 'POST'){
8.     // two passwords are equal to each other
9.     if ( $_POST['password'] == $_POST['confirmpassword'] ){
10.       $username = $mysqli->real_escape_string($_POST['username']);
11.       $email = $mysqli->real_escape_string($_POST['email']);
12.       $password = md5($_POST['password']); // md5 hash password security
13.       $avatar_path =  $mysqli -> real_escape_string('images/'.$_FILES['avatar']['name']);
14.  
15.       // make sure file type is an images
16.       if ( preg_match("!image!", $_FILES['avatar']['type']) ){
17.         // copy image to image folder
18.         if ( copy($_FILES['avatar']['tmp_name'], $avatar_path) ){
19.           $_SESSION['username'] = $username;
20.           $_SESSION['avatar'] = $avatar_path;
21.  
22.           $sql =
23.                  "INSERT INTO users (username, email, password, avatar) "
24.                  . "VALUES ('$username', '$email', '$password', '$avatar_path')";
25.           // if query successful - redirect to welcome page
26.           if ( $msqli -> query($sql) == true ){
27.             $_SESSION['message'] = "Registration successful! Added $username to the database!";
28.             header("location: welcome.php");
29.           }else{
30.             $_SESSION['message'] = "User could not be addedd to the database";
31.           }
32.         }else{
33.           $_SESSION['message'] = "File Upload Failed";
34.         }
35.       }else{
36.         $_SESSION['message'] = "File is not an image (PNG,GIF,JPG,SVG)";
37.       }
38.     }else{
39.       $_SESSION['message'] = "Passwords do not match";
40.     }
41.   }
42. ?>