0

Can someone please explain to me why the code that I have not commented out here is still inserting into my Data base, even when I leave the Sign Up forms input values blank?

Thanks!

PHP

<?php

        require_once("connection.php");

    if ($_POST['submit'] == "Sign Up") {

        if (!$_POST['email']) { $error.="<br />Please enter your email"; 

        } else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $error.="<br />Please enter a valid email address";

        } if (!$_POST['password']) { $error.="<br />Please enter your password";

        } else if (strlen($_POST['password']) <8) { $error.="<br />Please enter a password of at least 8 characters in length";

        } if (!preg_match('`[A-Z]`', $_POST['password'])) { $error.="<br />Please enter at least one Uppder Case charater";

        }

        if ($error) { echo "There were error(s) in your signup details:".$error;

        } else {

                $query = "SELECT * FROM `users` WHERE `email`='".mysqli_real_escape_string($link, $_POST['email'])."'";

                $result = mysqli_query($link, $query);

                $results = mysqli_num_rows($result);

        } if ($results) { echo "That email address is already in registered. Do you want to log in?"; 

        } else {

                $query = "INSERT INTO `users` (`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email'])."', '".md5(md5($_POST['email']).$_POST['password'])."')";

                mysqli_query($link, $query);

                echo "You&apos;ve been signed up!";

        }

    }

        //if ($_POST['submit'] == "Log In") {

                //$query = "SELECT * FROM `users` WHERE `email` = '".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND `password` = '".md5(md5($_POST['loginemail']).$_POST['loginpassword'])."' LIMIT 1";

                //$result = mysqli_query($link, $query);

                //$row = mysqli_fetch_array($result);

        //} if ($row) {

                //$_SESSION['id']=$row['id'];

                //print_r($_SESSION);

        //} else {

                //echo "We could not find a user with that email and password. Please try again.";

    //}
?>

HTML

<form method="post">

    <input type="email" name="email" id="email" placeholder="Your Email" value="<?php echo addslashes($_POST['email']);?>" />

    <input type="password" name="password" id="password" placeholder="Your Password" value="<?php echo addslashes($_POST['email']);?>" />

    <input type="submit" name="submit" value="Sign Up" />

</form>


<form method="post">

    <input type="email" name="loginemail" id="loginemail" placeholder="Your Email" value="<?php echo addslashes($_POST['loginemail']);?>" />

    <input type="password" name="loginpassword" id="loginpassword" placeholder="Your Password" value="<?php echo addslashes($_POST['loginemail']);?>" />

    <input type="submit" name="submit" value="Log In" />

</form>
Improve this question
1
  • Thanks for the help on my post edit there Nishant. Commented Apr 17, 2015 at 11:09

3 Answers 3

Reset to default
3

Your logic is wrong:

if ($error) {
   echo "There were error(s) in your signup details:".$error;
} else {
   ...
   // here `$results` is set
}

// What happens if `$results` is not set?
if ($results) {
   echo "That email address is already in registered. Do you want to log in?"; 
} else {
   // Yep, we go here...
   // insert!

Note that if there is an error, $results will not be set so you will enter in the else part of your second if statement, inserting a faulty row.

You should put everything inside your error-free block or check again when you want to insert:

if ($results && !$error) {

Or set $results to false in your error block, etc.. Several solutions possible.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Hi Jerome. Thanks for your answer. I understand what you are saying, but as I am very very new to developing and PHP, I'm battling to put it into practise. If at all possible could you show me one of your solutions? Many Thanks.
@SeanRavenhill I already did, just replace your if ($results) { with if ($results && !$error) {.
@ jeroen Thanks for the quick reply. I did replace as suggested. Refreshed the page and even restarted the MAMP servers. Still get the same problem though.
0

Probably your DB table has an auto-increment field, so even if you insert empty values it will add a line.

Improve this answer

3 Comments

Hi Marco, thanks for the answer. I have a four column DB Table. With name, email and password set as text. And then id as an INT, PRIMARY with auto-increment field. How would I be able to sign up users with an id, and work around this auto-increment issue?
They have to add a unique username Or anyway email will be there. & id is not used for login or signup.
@SeanRavenhill as suggested by Misal, you have to check for empty values before the query. Autoincrement is the greatest thing since sliced bread, because it gives you an unique id without hassles.
0

Always use if(!isset($_POST['name'])) for validations otherwise the "empty" is also be a value for post. Try it out, hope this will help you.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.