Hey, now I have this, but when I register only the index.php page shows up, without the success message. When the registration is completed I redirect to index.php?msg=1, so that's correct in my opinion?
<?php
if (isset($_GET['msg'] == 1)) {
    echo "You have successfully registered.";
}
require_once('connect.php');
$errors = array();
if (isset($_POST['submit'])) {
    if(empty($_POST['username'])){ array_push($errors, 'You did not submit a username'); }
    $old_usn = mysqli_query($connect, "SELECT id FROM users WHERE name = '".htmlentities($_POST['username'], ENT_QUOTES)."' LIMIT 1;") or die(mysqli_error());
    if (mysqli_num_rows($old_usn) > 0) { array_push($errors, 'This username is already registered.'); }
    if (sizeof($errors) == 0) {
        $username = htmlentities($_POST['username'], ENT_QUOTES);
        $email = htmlentities($_POST['email'], ENT_QUOTES);
        mysqli_query($connect, "INSERT INTO users (name, hashed_pw, email, joined)
        VALUES ('{$username}', '{$password1}', '{$email}', NOW());") or die ($connection_error);
        header('Location: index.php?msg=1');
    }
}
?>
if (isset($_GET['msg'] == 1)) that isn't the proper way to do this, since it will always be considered as being set.
You need to separate those into two conditions.
Such as:
if (isset($_GET['msg']) && $_GET['msg'] == 1)
I highly suggest you use a prepared statement though and password_hash().
What you have now, isn't safe at all.
If you do plan on going that route (which I hope you do), then please read over those manuals attentively for password_hash() and password_verify():
Note: You appear to have a missing variable set for $password1, so make sure it has value, otherwise your query will fail.
Also, mysqli_error() requires a database connection argument for it.
mysqli_error($connect)
This line, or die ($connection_error), will throw you an undefined variable error, at least for what you posted in the question.
The issue is here:
if (isset($_GET['msg'] == 1)) { // These are two different conditions, you have to separate them by using &
change it to:
if ( isset($_GET['msg']) && $_GET['msg'] == 1 ) {
and try again.
Your code is not safe at all; use a prepared statement and store the hashed password instead of the plain one.
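The approach both answers recommend (prepared statements, password_hash(), and the separated isset() check), written out as an added example that is not code from the question or from either answer. It assumes connect.php provides $connect as a mysqli connection, as in the question, and a form field named password (hypothetical; the question never sets $password1).

```php
<?php
// Added example, not the asker's code. Assumes connect.php defines $connect
// (a mysqli connection) and that the password form field is named "password".
require_once('connect.php');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of "or die"

/** Validate the submitted fields; returns a list of error messages. */
function validate_registration(mysqli $connect, array $post): array {
    $errors = array();
    $username = trim($post['username'] ?? '');
    if ($username === '') { $errors[] = 'You did not submit a username'; }
    if (($post['password'] ?? '') === '') { $errors[] = 'You did not submit a password'; }
    if ($username !== '') {
        // The value is bound as a parameter, never concatenated into the SQL text.
        $stmt = mysqli_prepare($connect, 'SELECT id FROM users WHERE name = ? LIMIT 1');
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) > 0) { $errors[] = 'This username is already registered.'; }
        mysqli_stmt_close($stmt);
    }
    return $errors;
}

/** Insert the user with a password_hash() digest; the plain password is never stored. */
function register_user(mysqli $connect, string $username, string $email, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($connect, 'INSERT INTO users (name, hashed_pw, email, joined) VALUES (?, ?, ?, NOW())');
    mysqli_stmt_bind_param($stmt, 'sss', $username, $hash, $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

$errors = array();
if (isset($_POST['submit'])) {
    $errors = validate_registration($connect, $_POST);
    if (count($errors) === 0) {
        register_user($connect, trim($_POST['username']), $_POST['email'] ?? '', $_POST['password']);
        header('Location: index.php?msg=1');
        exit; // stop the script so nothing else runs after the redirect
    }
}
// isset() takes a variable, so the comparison is a separate condition.
if (isset($_GET['msg']) && $_GET['msg'] == 1) {
    echo "You have successfully registered.";
}
foreach ($errors as $error) {
    echo htmlspecialchars($error, ENT_QUOTES), "<br>"; // HTML-escape on output, not before storage
}
```

At login, fetch hashed_pw for the submitted username with the same kind of prepared statement and compare it with password_verify().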