```php
<?php require_once("config.php"); ?>
<?php
if (isset($_POST['signup'])) { // gives no error, but does not post
    extract($_POST);

    $sql = "select * from users where (username='$username' or email='$email');";
    $res = mysqli_query($link, $sql);
    if (mysqli_num_rows($res) > 0) {
        $row = mysqli_fetch_assoc($res);

        if ($username == $row['username']) {
            $error[] = 'Username alredy Exists.';
        }
        if ($email == $row['email']) {
            $error[] = 'Email alredy Exists.';
        }
    }
    if (!isset($error)) {
        $options = array("cost" => 4);
        $password = password_hash($password, PASSWORD_BCRYPT, $options); // password hash

        $result = mysqli_query($link, "INSERT into users(username,password,email,address,country,city) values('$username','$password','$username','$email','$address','$country','$city')");

        if ($result) {
            $done = 2;
        } else {
            $error[] = 'Failed : Something went wrong';
        }
    }
} ?>
```

What am I doing wrong? Kinda just starting out with PHP programming, tried adding more variables to a registration form and it just stopped posting data. Any help would be really appreciated!

Segreto
  • 6 columns, 7 values -- `$username` doesn't match up to a column listed. – aynber May 23 '22 at 15:31
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 23 '22 at 15:43

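The two comments above (the column/value count mismatch and the move to prepared statements) can be addressed together. The following is an added example, not code from the question or its commenters. It assumes PDO with an in-memory SQLite database so it runs without a server, a `users` table matching the question's column list, and a hypothetical helper named `register_user`; the form values are constructed.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: PDO + in-memory SQLite so it runs offline;
// for MySQL only the DSN passed to PDO changes. register_user is hypothetical.

function register_user(PDO $db, array $input): array
{
    // Read only the expected fields instead of extract($_POST), which lets
    // a request overwrite any variable in scope (for example $error or $link).
    $fields = ['username', 'password', 'email', 'address', 'country', 'city'];
    $data = [];
    foreach ($fields as $f) {
        $value = $input[$f] ?? null;
        if (!is_string($value) || $value === '') {
            return ["Missing field: $f"];
        }
        $data[$f] = $value;
    }

    // Placeholders keep user input out of the SQL text entirely.
    $check = $db->prepare('SELECT username, email FROM users WHERE username = ? OR email = ?');
    $check->execute([$data['username'], $data['email']]);
    $errors = [];
    foreach ($check->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (strcasecmp($row['username'], $data['username']) === 0) {
            $errors['username'] = 'Username already exists.';
        }
        if (strcasecmp($row['email'], $data['email']) === 0) {
            $errors['email'] = 'Email already exists.';
        }
    }
    if ($errors) {
        return array_values($errors);
    }

    // Library default cost rather than bcrypt's minimum cost of 4.
    $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);

    // Columns and named placeholders come from the same list, so the
    // column count and the value count cannot drift apart.
    $cols  = implode(', ', $fields);
    $marks = ':' . implode(', :', $fields);
    $db->prepare("INSERT INTO users ($cols) VALUES ($marks)")->execute($data);
    return [];
}

// Constructed demo: a quote in the username is stored as data, not parsed as SQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT UNIQUE, address TEXT, country TEXT, city TEXT)');
$form = ['username' => "o'brien", 'password' => 'correct horse', 'email' => 'ob@example.test',
         'address' => '1 Main St', 'country' => 'IE', 'city' => 'Cork'];
var_dump(register_user($db, $form)); // first submission
var_dump(register_user($db, $form)); // same submission again reaches the duplicate check
```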