Jump to content
Please Use CODE Tags

Simple PHP register script

Bartb56
By Bartb56
in Programming
 Share
Posted

Hey im trying to create a simple php register script using this code but it keeps staying on this page after i press register pls help 


<?php
    include ('dbconn.php');
    
    $newuser = $_POST['usernameinput'];
    $newpwd = $_POST['passwordinput'];
    
    $insert = mysqli_query($con, "INSERT INTO users (`username`, `password`) VALUES ('".$newuser."', '".$newpwd."');");
    
    if ($insert) {
        header("Location: /beta/reg-success");
    }
?>

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Dropping the values into the SQL like that is a sure fast way to make your website vulnerable to SQL injection. Personally, I  wrap PDO in a class like this.

 

dbconn.php

  

class db {
  private static $handle;
  public static function connect($host, $username, $password, $db){
  self::$handle = new PDO("mysql:host={$host};dbname={$db}", $username, $password);
  self::$handle->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
  }
  public static function query($sql, $args=null){
  $sth = self::$handle->prepare($sql);
  $sth->execute($args);
  return $sth;
  }
  public static function authcheck(){
    if(isset($_SESSION['login'])){
      return true;
    }else{
      return false;
    }
  }
//end of class
}

then in the page 

  

include('dbconn.php');
db::connect("host", "username", "password", "database");

$newuser = $_POST['usernameinput'];
$newpwd = $_POST['passwordinput'];

$sql = db::query("INSERT INTO `users` (`username`, `password`) VALUES (:u, :p)",
  array(":u" => $_POST['usernameinput']], ":p" => $_POST['passwordinput']));

if ($sql) {
        header("Location: /beta/reg-success");
}else{
//you should put an else
echo('Failed')
}

 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
5 minutes ago, vorticalbox said:

Dropping the values into the SQL like that is a sure fast way to make your website vulnerable to SQL injection. Personally, I  wrap PDO in a class like this.

 

Ty do you maybe know why my 


header("Location: /beta/reg-success");

is still not working?

i tried doing it with index.php but that also failed to work

 

5 minutes ago, vorticalbox said:

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

@Bartb56 Not a clue why that doesn't work. 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

yeah it keeps staying on the same page been struggling with that for 20mins now

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
8 minutes ago, Bartb56 said:

yeah it keeps staying on the same page been struggling with that for 20mins now

well, it is in an if so the likely answer is that the query isn't working. Move it outside of the if and see if it works then.

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
2 hours ago, vorticalbox said:

well, it is in an if so the likely answer is that the query isn't working. Move it outside of the if and see if it works then.

i tried didn't work

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×