-1

I am creating a sign up form using html and php, and when I click sing up i got an error:

http://localhost/quiz/SinginUp/singup.html?first=Calin&last=Onaca&email=onaca.calin%40gmail.com&age=20&uid=calinonaca1&pwd=qwerty1234&cpwd=qwerty1234&submit=

Nothing after ...&submit=

I checked my code and i cant realise what i did wrong.

<form action="includes/signup.php" method="POST">

here's my action call

and here's my signup.php

<?php
  if(isset($_POST['submit']))
  {
      mysqli_connect('127.0.0.1', 'admin', 'admin', 'quiz');
      $conn=mysqli_connect('127.0.0.1', 'admin', 'admin', 'quiz');
      $first = mysqli_real_escape_string( $conn,$_POST['first']);
      $last = mysqli_real_escape_string( $conn ,$_POST['last']);
      $email = mysqli_real_escape_string( $conn,$_POST['email']);
      $age = mysqli_real_escape_string( $conn,$_POST['age']);
      $uid = mysqli_real_escape_string( $conn,$_POST['uid']);
      $pwd = mysqli_real_escape_string( $conn,$_POST['pwd']);



      if(empty($first)||empty($last)|| empty($email) ||empty($age)||empty($uid)||empty($pwd)||empty($cpwd))
      {
        header("Location: ../signup.html?signup=empty");
      exit();  
      }
      else {
           if(!preg_match("/^[a-ZA-Z]*$/", $first) || !preg_match("/^[a-ZA-Z]*$/", $last) ){
               header("Location: ../signup.html?singup=invalid");
      exit();
           }else
           {
               if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
                   header("Location: ../signup.html?singup=email");
      exit();

               }
               else  
               {
                   if(!preg_match("/^[0-9]*$/", $age)){
               header("Location: ../signup.html?singup=invalid");
      exit();
           }else{
                     $sql = "SELECT * FROM users WHERE user_uid='$uid'";
                       $result= mysqli_query($conn, $sql);
                       $resultCheck= mysqli_num_rows($result);
                       if($resultCheck > 0)
                       {
                           header("Location: ../signup.html?singup=userTaken");
      exit();
                       }

                           else
                           {
                               $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
                               $sql="INSERT INTO users (user_first, user_last, user_email, user_age, user_uid, user_pwd) VALUES ('$first', '$last','$email','$age','$uid','$hashedPwd');";
                            mysqli_query($conn,$sql);
                               header("Location: ../index.html?singup=succes");
      exit();

                           }
                       }
                   }
               }
           }
      }

  } else
  {
      header("Location: ../signup.html?signup=failed");
      exit();
  }

?>

I didnt get the failed message if something went wrong, and the browsers compiler said its everything allright..

Johan
  • 3,435
  • 1
  • 13
  • 26
Calin Onaca
  • 17
  • 6
  • 1
    You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Oct 01 '18 at 14:09

1 Answers1

0

It looks like your script is only looking for $_POST data so if you try to link to the page with the variables in the URL (like your example), then the script will not find the data.

Instead the script needs to either look at $_GET (URL variables only) or can use $_REQUEST (includes GET, POST and COOKIE variables.

Would also add some debug code to an else statement that outputs if there is no data in the request so you can verify it’s parsing the info like you expect. Hope that helps.

MackelRow
  • 92
  • 1
  • 7